Cyber Essentials will turn five in a couple of days (first launched on 5th June 2014).
Expert Comments:
Andy Kays, Technical Operations Director at Redscan:
“In five years, the Cyber Essentials scheme has achieved a lot, despite also being an extremely modest standard for security.
“Cyber Essentials strikes a balance between security and practicality. It is a simple and affordable process for most businesses, making it a fantastic place for companies to start on their cyber security journey, and its controls will also stop about 80% of attacks.
“We’ve seen that Cyber Essentials is already forcing change in behaviour in the public sector, with accreditation mandated for all companies bidding for UK Government contracts. I would like to see this carry into the private sector more too, as it is a great way for businesses to easily differentiate their suppliers.
“Looking ahead to the next five years, recent statements from DCMS that Cyber Essentials may be simplified are concerning. I’m not sure a watered down version serves anybody, and I certainly don’t want to see controls relaxed on matters as important as patching.
“For businesses still yet to seek certification, my advice is to do so asap but use this as a starting point. From there, it is important to address the remaining 20% of threats to the best of your ability. This should include staff awareness training, as well as proactive security measures such as penetration testing and network and endpoint monitoring.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.