cyber trends
THE MINIMUM CYBER
SECURITY STANDARD
DEFINES THE MINIMUM
SECURITY MEASURES
ORGANISATIONS AND AGENCIES
MUST IMPLEMENT. BUT WHILE
AWARENESS OF THIS STANDARD IS
HIGH (98%), ORGANISATIONS HAVE
NOT SEEN THE DIP IN CYBERATTACKS
THAT YOU WOULD EXPECT, AS MORE HAD
EXPERIENCED OVER 1,000 ATTACKS IN 2018
THAN IN 2017, ACCORDING TO THE FINDINGS
OF AN FOI REQUEST CONDUCTED BY
SOLARWINDS. SASCHA GIESE, HEAD GEEK
AT SOLARWINDS, TALKS THROUGH
THE KEY FINDINGS FROM THE SURVEY
AND IDENTIFIES HOW THE PUBLIC
SECTOR CAN MANAGE THE EVER-
INCREASING CYBERSECURITY
CHALLENGE IN THREE
POINTS.
Building the
foundations to
support every
cybersecurity
strategy
P
ublic sector
organisations
are now working
to meet the new
standards released
last year by the
National Cyber
Security Centre. The Minimum Cyber
Security Standard defines the minimum
security measures organisations and
agencies must implement with regards to
protecting information, technology and
digital services.
With the standard marking its one-year
anniversary this summer, it’s good for
UK government departments and public
sector organisations to evaluate their
progress in meeting this standard, what
challenges they’re facing and what
priorities they still need to monitor.
This is the first technical standard issued
and is designed to continually ‘raise the
bar’ and address new threats or classes
18
of vulnerabilities that can cause chaos
for organisations and constituents alike.
Awareness doesn’t equate
to action
In a recent FOI request, 98% of
respondents from central government
and NHS organisations noted they’re
aware of the Minimum Cyber Security
Standard, which is positive. However,
this awareness doesn’t seem to correlate
with as much of an anticipated dip
in cyberattacks. While the overall
percentage of public sector respondents
who experienced a cyberattack in
2018, compared to 2017, decreased
(38% experienced no cyberattacks in
2018, while 30% experienced none in
2017), more organisations experienced
over 1,000 cyberattacks – 18% in 2018
compared to 14% in 2017.
Similarly, there could be another risk
that the standard will only be seen as a
collection of checkboxes to tick, without
Issue 17
|
www.intelligentciso.com