The UK government has launched a new certification scheme designed to help consumers establish whether an organisation has implemented basic cyber security measures.
Developed by the Department for Business, Innovation and Skills (BIS), a ‘Cyber Essentials’ certificate shows that the company is protected by firewalls, runs anti-malware solutions and understands the importance of frequent patching.
This certificate will play a part in the government’s IT procurement process. However, it doesn’t tackle advanced security features like encryption or two-factor authentication.
“The recent GOZeuS and CryptoLocker attacks, as well as the eBay hack, show how far cyber criminals will go to steal people’s financial details, and we absolutely cannot afford to be complacent,” said Universities and Science Minister David Willetts as he launched Cyber Essentials.
Developed in partnership with UK security industry bodies, Cyber Essentials lists requirements for basic technical protection from cyber attacks. These include boundary firewalls and internet gateways, secure hardware configurations, access control, anti-malware protection and patch management.
Certification is available to businesses, non-profits and government organisations. It will come in two versions: a regular Cyber Essentials certificate can be obtained after a quick self-assessment with third-party verification, but to get the more reliable Cyber Essentials Plus, organisations will have to submit their systems for independent testing.
It is hoped that Cyber Essentials will help raise the confidence of consumers when shopping online, at a time when increasing numbers of familiar brands fall victim to hackers.
For example, last week High Street footwear retailer Office admitted that hackers had breached its website and gained access to customer details including names, physical addresses, phone numbers, email addresses and passwords, which were apparently all stored unencrypted.
The announcement was generally welcomed by the security industry. However, some experts have warned against relying on Cyber Essentials as a serious benchmark for network and data protection.
“This badge of approval from government could mislead businesses into believing that they are completely covered in all aspects of cyber security – when in fact, the Cyber Essentials Scheme concentrates on just five “basic but essential” security steps,” commented Ashish Patel, regional director of network security at McAfee.
“There are a number of stealth-like advanced evasion techniques employed by hackers, which can go undetected on an enterprise’s network for weeks or even months at a time. Businesses that believe they are secure, yet aren’t aware of this sophisticated threat, could be leaving themselves vulnerable.
“It’s important the government is clear in their message that businesses who are accredited by the scheme will still have to update their security defences regularly to stay on top of the changing threat landscape. If not, the only essential thing businesses will need is damage control.”