Cyber Security Landscape
Introduction
Cyber-crime is a global phenomenon which affects everyone, from individuals and employees to
small and large organisations and across all sectors. This includes fraud, identity theft, phishing,
hacking, malware and distributed denial of service (DDoS) attacks. These attacks are increasingly
in the media as they become larger and more prevalent.
Just consider the frequency of cyber attacks — according to the PwC Global State of Information Security Survey 2015, the rate of
detected security incidents increased 66% year on year since 2009, with 42.8 million incidents detected in 2014, which equates to
117,339 attacks per day [1]. In the 2016 report [2], detected incidents were up 38%, with theft of intellectual property up 56% from 2015.
Not only has the frequency of attacks increased, so too has the cost of managing and
mitigating breaches. Research suggests that the online security industry will grow at
a rate of 8.3% until 2021 [3]. To put that into perspective — globally, businesses spent
approximately $75 billion on online security in 2015 [4].
For organisations, however, the investment goes beyond bolstering defences; the
estimated reported average financial loss from cybersecurity incidents around the
world in 2014 was $2.7 million – a 34% increase on the 2013 figure [5]. In the UK alone,
cybercrime cost businesses more than £1 billion in 2015 [6].
In basic terms, cyber security is the body of technologies, processes and practices
designed to protect networks, computers, programs and data from attack, damage
or unauthorized access.
Attacks can be either random – almost drive-by – or targeted, but they are happening
constantly. In order to ensure these attacks are not successful, controls need to be in
place either under a formal information security management system (ISMS) or a more
informal approach.
Find out how we can help your organisation: pulsant.com
call 0845 119 9911
Navigating the Cyber Security Landscape
Many firms now place cyber among their leading risks in terms of the
likelihood and severity of impact. Data loss, business interruption,
and theft of intellectual property, are some of the greatest consequences
of an attack, with the impact being dependent upon the industry,
risk profile, and size of a particular firm. There is a growing concern
with the physical damage impacts of cyber-attacks (whether indirectly
or directly), given the increasing connectedness of assets to the internet.
Cyber is rightly considered by firms to be a dynamic risk which pits them
in an “arms race” against those seeking to cause harm. This is likely to
keep cyber risk as a standing item on their agenda.
Industry mitigation response
So, where do you start with cyber security? One part is to understand
something about the attacks themselves. The majority of incidents
faced by an organisation are the random probes from low-skilled
attackers or automated tools looking for well-known vulnerabilities
in people, processes and technology. These attacks are the easiest
to prevent. However, those conducted by skilled attackers against
specific targets are the hardest to defend against; and advanced
persistent threat (APT) attacks are the most difficult to avert.
You know you need to protect your organisation, but how is this achieved? The answer
is simple: start by implementing controls that are based on agreed best practice. As with
all simple answers, it is actually often not that simple. You have to identify those best
practices and then implement them within your organisation so they are part of your
daily routine or ‘business as usual’ (BAU).
Standards such as Cyber Essentials, Cyber Essentials Plus and the IASME Governance standard –
all certifications offered by Pulsant – are based on best practice, so are ideal indicators of
effective cyber security mitigation controls.
Cyber Essentials: Your First Line of Defence
As part of a drive to get the country protected from cyber threats,
the UK government created the Cyber Essentials scheme as
the lowest rung on the cyber security ladder. The scheme was
developed by organisations such as CESG, IASME, CREST and
others. It is designed to help protect organisations from the threats
posed by low-skilled attackers and automated tools by ensuring
basic hygiene controls are implemented.
It is not the silver bullet to defeat all cyber threats, but all the controls within
it are the foundation of all measures to protect you and your organisation.
2. Secure configuration — ensuring that systems are configured in the most secure way
for the needs of the organisation.
3. Access control — ensuring only those who should have access to systems do have
access and at the appropriate level.
4. Malware protection — ensuring that virus and malware protection is installed and
up to date.
The scheme focuses on internet-facing systems because they are more exposed. Equally,
the people within your organisation are also directly exposed to attacks from the internet
as they browse the web and receive emails.
In essence, Cyber Essentials addresses about 80% of the most common cyber threats.
Once in place, it then provides the ideal base from which to further assess how to protect
your business from the remaining 20% of threats by enabling you to confidently assess
which information needs to be protected and which additional controls are needed to secure
your environment.
For most SMEs, the scope will be the whole of the organisation; larger organisations,
meanwhile, generally want to certify part of the business, such as a division or a single
company within a group. This is permitted as long as the in-scope entity has sufficient
network segmentation and management responsibility from the rest of the business
to meet the requirements defined in the scheme.
The Pulsant approach to cyber assurance
As an accredited assessor, we can help you achieve
your Cyber Essentials certification successfully,
and provide a strategic plan for you to maintain
controls and re-certify annually.
1. Define scope and identify information assets
This is the most important part of the process in which we determine and define the exact scope
of the review, identifying what needs to be included.
2. Rapid outcome Cyber Essentials review
We assess the scope against the requirements of Cyber Essentials to identify any gaps and make
recommendations for remediating these gaps.
Next steps
There are two more options for those seeking even more
comprehensive cyber assurance certifications. First, there’s Cyber
Essentials Plus, which focuses on all of the above and includes an
additional internal scan and an on-site assessment. Those looking
to qualify for Cyber Essentials Plus must have completed Cyber
Essentials within the last three months.
Secondly, there’s the IASME Governance standard, which was developed over several
years to create an affordable and achievable alternative to the international standard,
ISO27001. This is designed exclusively for smaller companies and allows them to reap the
benefits of a cyber-security certification, especially with the introduction of the General
Data Protection Regulation (GDPR) fast approaching.
Conclusion
A cyber security strategy is essential. As part of this strategy,
implementing a risk framework which is ongoing and evolving,
changing in line with your business growth, shifts in operations and
technologies, and, most importantly, adapting to the ever-moving
cyber threat landscape, is fundamental in mitigating a business’s cyber
security risks. There’s no disputing the importance of such a strategy.
Demonstrating you are dedicated to preventing attacks is critical to
maintaining customer trust, protecting revenues and, in some cases,
meeting regulatory compliance.
However, for many organisations, getting to the stage where they have
a fully-fledged strategy in place, one that can be updated and changed,
is the major stumbling block.
As more cyber attacks are brought into the public’s line of sight, there
is the dawning recognition that a cyber incident is inevitable. Along
with this recognition then is the allocation of resources and budget to deal
with the threat. But for many organisations, large and small, there is a
gap — either in terms of skills required, expertise needed, or support from
senior exec to spend the required budget. Coupled with that is the lack
of understanding of just which parts of their organisation have to
be protected.
About Pulsant
Pulsant is a leading provider of hybrid cloud
solutions, professional services and managed
services, all underpinned by highly resilient
networks that support more than 4,000 mid-tier and
enterprise customers from our 15 UK data centres.
Sources
1. http://www.pwc.com/us/en/press-releases/2014/global-state-of-information-security-survey-2015.html
2. https://news.sap.com/pwc-study-biggest-increase-in-cyberattacks-in-over-10-years/
3. http://www.prnewswire.com/news-releases/cyber-security-market-to-grow-at-cagr-83-till-2021-says-techsci-research-report-590704471.html
4. http://www.forbes.com/sites/stevemorgan/2016/03/09/worldwide-cybersecurity-spending-increasing-to-170-billion-by-2020/#220e15fa76f8
5. http://www.pwc.com/us/en/press-releases/2014/global-state-of-information-security-survey-2015.html
6. http://www.computerweekly.com/news/450298242/Cyber-crime-cost-UK-business-more-than-1bn-in-the-past-year
7. http://www.bbc.co.uk/news/technology-37821867
8. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/415354/UK_Cyber_Security_Report_Final.pdf
9. http://www.ft.com/cms/s/0/9bfb4e72-7965-11e5-a95a-27d368e1ddf7.html#axzz4I9ErCkEI
10. http://www.itgovernance.co.uk/blog/talktalk-fined-400000-for-failing-to-take-basic-cyber-security-measures/
11. http://economia.icaew.com/news/april-2016/business-faces-huge-fines-under-new-dp-rules
Challenge Pulsant to fulfil your
business aspirations…
Contact Routes
Sales
Available: 9am - 5pm Monday – Friday
Telephone: 0845 119 9911
Email: sales@pulsant.com
Accounts
Available: 9am - 5pm Monday – Friday
Telephone: 0845 119 9999
Email: accounts@pulsant.com
Consulting Services
Available: 9am - 5pm Monday – Friday
Telephone: 0845 119 9933
Email: PS_Admin@pulsant.com