Wednesday 12 May 2021 @ 10:15
National Cyber Security Centre
Printable version

Large UK organisations offered ten steps to stay ahead of cyber threat

Refreshed 10 Steps to Cyber Security guidance released for cyber security professionals in large and medium sized organisations.

Decorative image

  • UK organisations offered refreshed guidance to stay ahead of emerging cyber threats
  • Renewed ‘10 Steps to Cyber Security’ advises on the growth of cloud services, the shift to home working, and the rise of ransomware
  • Advice updated on the first day of NCSC’s flagship CYBERUK 2021 ONLINE conference

CYBER security professionals at large and medium sized organisations were yesterday given access to a suite of refreshed guidance to help them stay ahead of current and emerging cyber threats.

The guidance, 10 Steps to Cyber Security, is a collection of advice from the National Cyber Security Centre – a part of GCHQ – that supports CISOs and security professionals keep their company safe by breaking down the task of protecting an organisation into ten components.

It is being unveiled during CYBERUK, a virtual gathering of thought leaders from the cyber security community and hosted by the NCSC.

The 10 Steps to Cyber Security, which were first published in 2012 and are now used by a majority of the FTSE350, have been updated to capture challenges posed by the growth of cloud services, the shift to large-scale home working, and the rise and changing nature of ransomware attacks.

Sarah Lyons, NCSC Deputy Director for Economy and Society, yesterday said:

“The cyber threat landscape is constantly evolving and that’s why it’s really important that all businesses understand their cyber risk.

“Our 10 Steps to Cyber Security has been – and continues to be - a fundamental guide for network defenders and this update demonstrates our commitment to securing the UK economy.

“Following our advice will reduce the likelihood of incidents occurring but also minimise impact when they do get through.”

The renewed ten components, all of which consider that home and mobile working is now the default for most large and medium sized organisations, cover:

  • Risk management
  • Engagement and training
  • Asset management
  • Architecture and configuration
  • Identity and access management
  • Vulnerability management
  • Data security
  • Logging and monitoring
  • Incident management
  • Supply chain security

The refreshed guidance, which can also be used by charities and public sector organisations, can be used in tandem with the NCSC’s Cyber Security Board Toolkit, which helps frame discussions between technical experts and the Board to ensure that online resilience is a high priority.

Smaller organisations and sole traders are encouraged to familiarise themselves with the NCSC’s Small Business Guide, which contains advice tailored to meet the specific challenges they face. However, the wider principles outlined in the 10 steps are applicable to all organisations.

 

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/large-uk-organisation-10-steps-stay-ahead

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.