National Cyber Security Centre
Large UK organisations offered ten steps to stay ahead of cyber threat
Refreshed 10 Steps to Cyber Security guidance released for cyber security professionals in large and medium sized organisations.
- UK organisations offered refreshed guidance to stay ahead of emerging cyber threats
- Renewed ‘10 Steps to Cyber Security’ advises on the growth of cloud services, the shift to home working, and the rise of ransomware
- Advice updated on the first day of NCSC’s flagship CYBERUK 2021 ONLINE conference
CYBER security professionals at large and medium sized organisations were yesterday given access to a suite of refreshed guidance to help them stay ahead of current and emerging cyber threats.
The guidance, 10 Steps to Cyber Security, is a collection of advice from the National Cyber Security Centre – a part of GCHQ – that supports CISOs and security professionals keep their company safe by breaking down the task of protecting an organisation into ten components.
It is being unveiled during CYBERUK, a virtual gathering of thought leaders from the cyber security community and hosted by the NCSC.
The 10 Steps to Cyber Security, which were first published in 2012 and are now used by a majority of the FTSE350, have been updated to capture challenges posed by the growth of cloud services, the shift to large-scale home working, and the rise and changing nature of ransomware attacks.
Sarah Lyons, NCSC Deputy Director for Economy and Society, yesterday said:
“The cyber threat landscape is constantly evolving and that’s why it’s really important that all businesses understand their cyber risk.
“Our 10 Steps to Cyber Security has been – and continues to be - a fundamental guide for network defenders and this update demonstrates our commitment to securing the UK economy.
“Following our advice will reduce the likelihood of incidents occurring but also minimise impact when they do get through.”
The renewed ten components, all of which consider that home and mobile working is now the default for most large and medium sized organisations, cover:
- Risk management
- Engagement and training
- Asset management
- Architecture and configuration
- Identity and access management
- Vulnerability management
- Data security
- Logging and monitoring
- Incident management
- Supply chain security
The refreshed guidance, which can also be used by charities and public sector organisations, can be used in tandem with the NCSC’s Cyber Security Board Toolkit, which helps frame discussions between technical experts and the Board to ensure that online resilience is a high priority.
Smaller organisations and sole traders are encouraged to familiarise themselves with the NCSC’s Small Business Guide, which contains advice tailored to meet the specific challenges they face. However, the wider principles outlined in the 10 steps are applicable to all organisations.
Latest News from
National Cyber Security Centre
Wanted: Cyber security innovators to help secure UK networks14/06/2021 11:15:00
Call open for pioneering companies to apply for new NCSC for Startups initiative.
Alert: Further ransomware attacks on the UK education sector by cyber criminals04/06/2021 16:10:00
The NCSC is responding to further ransomware attacks on the education sector by cyber criminals.
NCSC launches online game to give children a head start with staying cyber secure25/05/2021 14:15:00
CyberSprinters, an educational cyber security game, has been launched by the NCSC.
Neurodiversity and disability to be captured in second survey on diversity of UK cyber sector14/05/2021 16:15:00
NCSC and KPMG UK launch second survey to help improve diversity in the cyber security industry.
New tool launched to support organisations achieve Cyber Essentials certification12/05/2021 16:05:00
Cyber Essentials Readiness Tool asks organisations questions related to the main Cyber Essentials criteria to help prepare them for certification.
British tech startups offered help to keep innovations secure12/05/2021 15:05:00
New guidance from the NCSC and the Centre for the Protection of National Infrastructure (CPNI) to help fledgling technical companies consider key questions around security.
Fifteen times more online scams stamped out as cyber experts moved to protect UK during pandemic10/05/2021 16:15:00
The fourth annual report on the NCSC’s Active Cyber Defence (ACD) programme is released.
Cyber experts set out blueprint to secure smart cities of the future10/05/2021 09:15:00
The NCSC has published a set of principles outlining how to securely design, manage and build smart cities.