Cyber Essentials Overhauled for New Hybrid Working Era
The UK government has launched a significant set of new requirements for organizations looking to comply with its Cyber Essentials scheme to bring it up to date with the way people live and work today.
Announced late last year, the changes will not impact the scheme’s overall control themes of firewalls, secure configuration, user access control, malware protection and software updates.
However, it has been expanded to address a new set of scenarios brought about by digital transformation and new post-pandemic working patterns.
There’s a new shared responsibility model to ensure organizations can better understand and fulfill their obligations to secure cloud services and infrastructure across SaaS, IaaS and PaaS.
There are also new requirements around home working, which is increasingly the norm for many workers today. This includes expectations about deploying firewall controls to users’ machines and devices.
The program has also been updated to include guidance on which multi-factor authentication (MFA) type to choose for employees, focusing on usability and accessibility.
Backups are not covered because the scheme doesn’t want to “overburden” organizations, even though it strongly recommends a rigorous backup and recovery program.
While the costs associated with Cyber Essentials will remain the same for small and micro companies, a tiered system means larger firms will pay more; now £600 including VAT.
“We still view Cyber Essentials as the minimum standard for cybersecurity in the UK but we also need to ensure it keeps evolving as the threat landscape and technology change. This major update is part of that ongoing regular review, explained “Anne W” of the National Cyber Security Centre (NCSC).
“We are also looking at what other services we can introduce to support Cyber Essentials. This includes providing an advisory service to help organizations that don’t have their own technical support with the practical configuration of their systems, and how to address the security challenges that larger organizations with complex IT estates face to meet the minimum standard.”
More Stories
Friday Squid Blogging: Biology and Ecology of the Colossal Squid
Good survey paper. Blog moderation policy. Read More
Ultralytics Supply-Chain Attack
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4,...
US Offers $5M for Info on North Korean IT Worker Fraud
The US Government is offering a $5 million reward for information leading to the disruption of financial mechanisms supporting North...
2024 Sees Sharp Increase in Microsoft Tool Exploits
Sophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023 Read More
Akira and RansomHub Surge as Ransomware Claims Reach All-Time High
Claims on ransomware groups’ data leak sites reached an all-time high in November, with 632 reported victims, according to Corvus...
Researchers Discover Malware Used by Nation-Sates to Attack Industrial Systems
IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty...