The UK government has launched a new cybersecurity standard designed to set a baseline of mandatory security outcomes for all departments. The Minimum Cyber Security Standard, announced this week, presents a minimum set of measures which all government departments will need to follow, although the hope is that they will look to exceed these at all times. IT security experts comment below.
Javvad Malik, Security Advocate at AlienVault:
While ideal, it is probably not feasible to force this across all organisations outside of government bodies, but it could be used as a baseline for third parties wanting to do business with government departments.
A good next step would be to extend the scope of minimum cybersecurity standards to apply to vendors, particularly IoT or smart device manufacturers.
Martin Jartelius, CSO at Outpost24:
IT is a crucial part of any business, so by defining and setting a baseline or best practices via regulatory control, it sends a strong signal and prompts businesses to improve their security awareness.
The success or failure of this mandate will depend on the implementation. The danger is whether this becomes another compliance ‘checkbox’, where the regulation does set a clear baseline or bare minimum requirement, resulting in organizations doing as little as possible to be compliant, rather than to become secure.
Andy Norton, Director of Threat Intelligence at Lastline: