Large UK organisations offered ten steps to stay ahead of cyber threat
Refreshed 10 Steps to Cyber Security guidance released for cyber security professionals in large and medium sized organisations.
Cyber security professionals at large and medium sized organisations have today been given access to a suite of refreshed guidance to help them stay ahead of current and emerging cyber threats.
The guidance, 10 Steps to Cyber Security, is a collection of advice from the National Cyber Security Centre – a part of GCHQ – that supports CISOs and security professionals in keeping their company safe by breaking down the task of protecting an organisation into ten components.
It is being unveiled during CYBERUK, a virtual gathering of thought leaders from the cyber security community, hosted by the NCSC.
The 10 Steps to Cyber Security, which were first published in 2012 and are now used by a majority of the FTSE350, have been updated to capture challenges posed by the growth of cloud services, the shift to large-scale home working, and the rise and changing nature of ransomware attacks.
Sarah Lyons, NCSC Deputy Director for Economy and Society, said:
“The cyber threat landscape is constantly evolving and that’s why it’s really important that all businesses understand their cyber risk.
“Our 10 Steps to Cyber Security has been – and continues to be – a fundamental guide for network defenders and this update demonstrates our commitment to securing the UK economy.
“Following our advice will reduce the likelihood of incidents occurring but also minimise impact when they do get through.”
The renewed ten components, all of which consider that home and mobile working is now the default for most large and medium sized organisations, cover:
- Risk management
- Engagement and training
- Asset management
- Architecture and configuration
- Identity and access management
- Vulnerability management
- Data security
- Logging and monitoring
- Incident management
- Supply chain security
The refreshed guidance, which can also be used by charities and public sector organisations, can be used in tandem with the NCSC’s Cyber Security Board Toolkit, which helps frame discussions between technical experts and the Board to ensure that online resilience is a high priority.