Tag Archives: Cyber Essentials

Start your journey on the road to cyber resilience

Posted on by
Reply

In today’s rapidly shifting risk landscape, IT security professionals have to do more than just build up a wall of defensive solutions in the hopes that it will be sufficient to ward off a cyber attack.

They also have to face the possibility that a cyber attack might be unavoidable and figure out how to keep that from shutting down their organisation. That’s why an essential part of any cyber security strategy is building cyber resilience.

What is cyber resilience?

Cyber resilience is the ability of organisations to stay agile if they become the victim of a cyber attack. Weaving it into your cyber security strategy gives you an edge when you need to act fast.

By making smart choices when selecting defensive solutions, you don’t just gain protection against cyber attacks – you also gain valuable tools that empower your business to pivot as needed to minimise business disruption in the event of a successful cyber attack.

Why does it matter to my business?

If you think about what might happen to your business during a successful cyber attack scenario:

  1. Would your operations grind to a halt?
  2. How much money would you lose from the resulting downtime?

Today’s cyber attacks are more complex and more dangerous than ever before. Cyber security experts are innovating all the time, but so are the criminals – and they are just as motivated to damage your business as you are to defend it.

By building cyber resilience, organisations can ensure that they are agile and ready to act fast, deploying smart tools that maximise their defensive resources in case of trouble.

How can I boost my company’s cyber resilience?

A cyber resilient organisation has a variety of tools at their fingertips that can minimise business disruption in the event of a cyber attack. Build your cyber resilience by adding solutions with features that enable you to act fast in order to segment, block and stop damage. These solutions would include:

  • Email Security Gateway
  • DNS Security
  • Security Awareness Training
  • Simulated Phishing
  • Advanced Endpoint Protection
  • Mobile Threat Defence
  • Vulnerability and Patch Management
  • 24/7/365 Device Monitoring
  • Firewall Management
  • Technical Reviews
  • Privileged Access Management
  • Email Encryption
  • User Admin Privilege
  • Cloud Access Security Broker
  • Data Analysts
  • Network & Log Security Monitoring
  • Office365 Monitoring
  • Back Up and Disaster Recovery

In conclusion

Technical defensive tools alone aren’t enough to protect a business anymore. That’s why embracing cyber resilience is crucial if companies want to truly protect themselves against cyber crime. Cyber resilient organisations combine strong security solutions with active, people-based defences for flexibility of response during a cyber attack.

Need Help?

Save time, money and resource with our cost-effective managed cyber security services designed to keep your users safe, protect your core infrastructure, enhance your security and mitigate risk. By utilising our expertise and experience you’re leveraging an enhanced team who are constantly trained and certified in all specialist areas.

We work alongside industry-leading vendor partners and invest the time and resources, so you don’t have to.

Security Posture-as-a-Service 

*This article was originally published here.

If you’d like more information, please get in touch.

Security Posture-as-a-Service 

Posted on by
Reply

O365 and Antivirus can’t cover it all

When you are busy running a SME with 101+ things to manage, you could be forgiven for thinking all bases are covered with O365 native security features and an antivirus product.

But with cyber criminals innovating faster than entry-level security features can keep pace with, affordable managed security services protect your core infrastructure without taking up your time or resources to manage them.

Security Posture-as-a-Service Animation

Watch our short animation to see how Security Posture-as-a-Service allows you to enhance your security posture, while being free to run your business.

Need to improve your cyber security posture?

Whether you’re just starting out, or know you need to invest more in technology and resource, our handy calculator, featured on the MyRedFort community, offers a comparison between taking it in-house vs using a managed security service.

Security Debt and the SME 

Posted on by
Reply

Counting the cost of cyber security

Cyber security debt is a result of the perfect storm businesses face as they accelerate towards digital transformation. 

Expanding cyber attack surfaces, lack of investment in technology and skills are exposing SMEs to great risk.

A perfect storm 

Arguably, businesses have needed to focus on keeping their workforce productive and providing continuity in their performance for their customers. This has led to a large proportion of the workforce working outside the usual place of work, often using their own devices.

As a business leader, it also won’t have escaped your notice the reports across various media of the alarming rise in cyber attacks such as phishing scams and ransomware demands. This isn’t scaremongering, it’s fact. SMEs are now the main target of cyber criminals because they know they’re easier to breach than larger enterprises who have many more safeguards in place.

What is Security Debt?​

Security debt is the continuing accumulation of security vulnerabilities in your software that compound to make it harder (read: impossible) to deploy enough remediation to secure your data and people from attacks. Unlike technical debt, which may get in the way of releasing new features for the needs of the business, the growing pile of security vulnerabilities puts your organisation at an increased risk from cyber attacks. 

How do I know if I have security debt? 

Unless you live and breathe your own technology environment the likelihood is, things are getting missed.  Whether you’re aware of it or not, it’s likely you already have some security debt. This is because the threat landscape is continually shifting and the number of technologies available on the market to fix problems are vast. Throwing individual technologies at specific cyber issues isn’t the answer.  

For example, many businesses think Microsoft 365 and their Antivirus has their needs covered – this simply isn’t the case. As a business grows it’s exposed to greater and greater risk as security controls don’t keep ahead of the complexities and gaps when a patchwork cyber security strategy is in place. Cyber security debt accumulates as a result of failing to implement the right security controls and cyber security strategy.

I can’t see or feel the debt, why should I care? 

The cost of reducing or eliminating security debt is far less than the potential cost of a data breach in terms of incident response, fines, loss of customer and investor trust, and possibly litigation. In many ways, it should be considered an investment – an insurance policy, if you like.

Be smarter, more is not more 

No business has unlimited budget or skills within their business to throw at their security posture, nor should it be required.  Some businesses buy way too much security software because they think more is more.   

The key is understanding what you need to protect and applying the right resource to it. 

Start the conversation 

Talk to your employees – Tell them how to look after your data and behave online. 

Talk to your board – Get them to understand the importance of prioritising cyber security and the implications for business continuity if it’s not . 

Talk to us – Even implementing basic security best practices or managing a limited amount of cyber security technology can be a big task without any, or the right, staff. We know our stuff and are happy to take time to understand what your business needs.

Discover a boardroom case for cyber security as a managed service!

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/security-debt-and-the-sme

A Boardroom Case 

Posted on by
Reply

For cyber security as a managed service

Cyber attacks on British businesses are becoming more frequent and more sophisticated – that’s a dangerous combination. Although an attack remains statistically unlikely, the chances are increasing almost daily.

Despite these trends, too many firms are still adopting passive, reactive policies, only reacting after an attack has happened. The question to ask yourself and your board of directors is whether you would be happy to leave the contents of your home uninsured, and only react if you had a burglary.

Think of your cyber security strategy as an insurance policy. While the best tools used to be affordable only to large enterprises, they are now much more accessible to SMEs. Given this, the challenge becomes how to bring it onto your management team’s agenda.

IT needs to be an innovator

As a highly digital economy, it is vital to be at the top of your game in the UK market. Whether your customers are B2B or B2C, evolving customer demands, operational efficiency, and the need to differentiate your products or services means IT needs to be at the centre of everything you do.

To do so, the limited IT resources you have cannot be consumed by tactical activities such as cyber security defences. Bailing water out of a leaking boat is a guaranteed way to ensure you never have the time or focus to drive new digital products or experiences for your customers.

By outsourcing “keeping the lights on” IT tasks such as cyber security, internal IT teams can be put to much more strategic use to innovate, create and develop. In the digital age, the reality is that every business initiative is an IT initiative – or at the very least needs involvement from IT.

Communicate the cost of an incident

Although the most common link is with paying a ransom demand, there are many ancillary costs associated to a cyber security incident – so much so that the response to the incident often proves much more expensive than preventing them in the first place.

And that assessment does not factor in the great intangible of reputational damage – the loss of public trust. In short, if your customers lose trust in you, they will leave.

Not only that, but it is estimated that only 35% of SMBs could remain profitable for more than three months without access to vital data.

To compound the issue, there is a recognised cyber security skills shortage in the UK. This makes it difficult to hire in specialist cyber security professionals, and as a result it can mean IT generalists without specific cyber skills trying to plug the gap.

Protecting the core of your business

More than 90% of successful hacks and data breaches start with phishing scams. By focusing on this threat and eliminating it, you can significantly reduce the cyber security risk factor.

By adopting cyber security as a managed service, you can focus on what matters to your without worrying about managing the burden of day-to-day IT infrastructure. With NetUtils managed services, you gain access to their highly trained, certified and experienced technical team who will manage, review and maintain your critical infrastructure so you don’t have to.

Managed cyber security versus in-house

Four ways managed cyber security services trump in-house recruitment:

  1. Remove the pain and cost of recruitment: The cyber security skills shortage in the UK makes it difficult and expensive to recruit in-house
  2. Short term-ism: The average tenure of senior security leaders is less than 3 years
  3. Fills knowledge gaps: Only 6% of companies have a CISO on the board of directors, with the result being a lack of focus on security strategy
  4. Lack of skills: The number of technologies needed in a comprehensive security strategy make it hard to acquire those skills in-house

Find out more

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/the-boardroom-case-for-cyber-security-as-a-managed-service/

Cyber Security Check-In

Posted on by
Reply

How is 2022 going so far? 

From tighter regulations for public sector to ransomware and the continued rise of the remote workforce, the senior management team at NetUtils offer their observations on how businesses are adapting to the evolving working landscape.

The ‘great return to the office’ has not materialised as expected by most, with more organisations opting to have more staff working remotely as a permanent option.

David Bundock, Chief Operations Officer, NetUtils

The first of the studies that have looked at issues such as productivity and mental wellbeing are starting to emerge and, in many instances, home working seems to be on parity with office working and, in some cases, proving a benefit. However, organisations are now looking at the often-temporary measures rushed out to support home workers that are now becoming standard.

Where masses of laptops were hurriedly deployed, and cloud based filesharing systems were utilised to help teams collaborate – these devices and platforms need to be audited for security and compliance to standards such as GDPR. This will inevitably trigger more use of cyber security as a service – especially as the current shortage of skilled IT and Infosec staff grows.

Although Ransomware isn’t new, the last year has seen its meteoric rise in the public consciousness and indications show this year is, unfortunately, more of the same.
Malcolm Orekoya, Chief Technology Officer, NetUtils

However, the move by AXA, one of Europe’s largest insurers, to stop offering new insurance policies that cover ransom payments to criminals for French policy holders may be the start of a wider trend across the region during 2022.

The logic is that ransom payments encourage more ransomware attacks and drive up the cost of cyber security insurance policies. Although UK companies can still gain insurance policies  that will pay ransoms – assuming you can prove no liability, it’s likely that AXA’s position might spread.

The whole market for insuring against all forms of cyber-attack and outage is an interesting area and I suspect that this will gain a great deal more attention from enterprises.

Tighter regulatory oversight for the public sector.
Ashok Thomas, CEO, NetUtils

The NHS is already going through Data Security Privacy Toolkit (DSPT) processes and several recent tenders for large public sector organisations have made compliance to Cyber Essentials Plus a mandatory requirement for every supplier.

If the NHS is a template, then more public sector organisations will be required to adhere to CE+ within a few years. I’d expect these requirements to spread to anybody that supplies into the public sector.

The framework is not onerous, but it is audited which means that organisations need to do more than just a “check box” exercise so it’s wise to start looking at these optional processes now and before they become mandatory.

These are just some of the issues faced by organisations big and small, public or private sector. SMEs are often particularly vulnerable if they lack the skills and resources to adapt at the pace required.

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/cyber-security-check-in/

[Blog] NetUtils’ 3 Top Cyber Security Predictions for 2022

Posted on by
Reply

From tighter regulations for public sector to ransomware and the continued rise of the remote workforce, read all about it from our senior management team as they weigh in on their thoughts for 2022.

Looking at 2022, and it seems clear that there will be tighter regulatory oversight for the public sector. 

Steve Nicholls, Commercial Director

The NHS is already going through Data Security Privacy Toolkit (DSPT) processes and several recent tenders for large public sector organisations have made compliance to Cyber Essentials Plus a mandatory requirement for every supplier. If the NHS is a template, then more public sector organisations will be required to adhere to CE+ within a few years. And I would expect these requirements to spread to anybody that supplies into the public sector. The framework is not onerous, but it is audited which means that organisations need to do more than just a “check box” exercise so it’s wise to start looking at these optional processes now and before they become mandatory. 

Although Ransomware is certainly not new, the last year has seen its meteoric rise in the public consciousness and the coming year will unfortunately be more of the same.

Malcolm Orekoya, Chief Technology Officer

However, the move by AXA, one of Europe’s largest insurers, to stop offering new insurance policies that cover ransom payments to criminals for French policy holders may be the start of a wider trend across the region during 2022. The logic is that ransom payments encourage more ransomware attacks and drive up the cost of cyber security insurance policies. Although UK companies can still gain insurance policies that will pay ransoms – assuming you can prove no liability, it’s likely that AXA’s position might spread. The whole market for insuring against all forms of cyber-attack and outage is an interesting area and I suspect that 2022 will be a year where its starts to get a lot more attention from enterprises.

The ‘great return to the office’ has not materialised as expected by most, with more organisations opting to have more staff working remotely as a permanent option.

David Bundock, Chief Operations Officer

The first of the studies that have looked at issues such as productivity and mental wellbeing are starting to emerge and, in many instances, home working seems to be on parity with office working and, in some cases, proving a benefit. However, organisations must now look at the often-temporary measures rushed out to support home workers that are now becoming standard. Where masses of laptops were hurriedly deployed, and cloud based filesharing systems were utilised to help teams collaborate – these devices and platforms need to be audited for security and compliance to standards such as GDPR. This will inevitably trigger more use of cyber security as a service – especially as the current shortage of skilled IT and Infosec staff grows.

Knowing where to start with your organisations cyber security can be confusing. Have you considered a dedicated cyber security platform to help reduce the risk of a cyber incident?

Discover the NetUtils Cyber Security Platform here >

Take Control of Your Cybersecurity Posture with CyberScore

Posted on by
Reply

Network Utilities and XQ Cyber have joined forces to bring you a new and exciting award-winning solution that will save you money and improve performance in your business.

Businesses of all sizes can take control of their cybersecurity by using this award winning solution.

CyberScore is an automated testing service that allows you to take control of your cybersecurity by detecting vulnerabilities and providing you with empirical evidence and get well plans. The score itself also allows you to clearly demonstrate to the board simply where your organisation currently stands in terms of its cyber risk rating and security posture.

We would like the opportunity to show you how CyberScore can and will reduce your costs, give you full visibility of your cybersecurity posture and improve performance.

With CyberScore you will be able to:

  • Dramatically reduce pen testing costs
  • Improve quality of compliance
  • Prioritise vulnerability data into easy to understand recommendations
  • Track progress and watch your cybersecurity health improve as measures are implemented
  • Track cyber risk across third parties
  • Share easily digestible reporting across the business
  • Measure performance against the requirements of the UK Cyber Essentials Plus scheme

Fill in the form below and let’s get started.