Firms encouraged to consider Pathfinder accelerator programme
Is cyber security part of your business plan?
The increasing use of digital services in a connected world brings an increasing threat of cyberattack. The Internet that connects systems doesn’t discriminate between the type of traffic it allows on the network, it is our responsibility to manage this when we connect to and use the Internet by recognising and reducing the risk as appropriate. Attackers are constantly improving their ability to penetrate systems through social engineering and the opportunity of our increased online presence. The first step for an organisation to counter the threat from cyberattack is to understand their risks and to deal with the question of not “if” it will happen, but “when”.
The consequence of a successful attack depends heavily on the nature and scale of the attack and the ability of the organisation to respond to it. Some attacks may result in complete failure of an organisation’s systems; some may take money from bank accounts or credit cards; some may compromise data; and some may impact on an organisation’s reputation. It is important to remember that not all attacks come through the computer systems, successful telephone based vishing attacks are being seen in ever increasing quantities to demonstrate that our ability to detect them does not depend on computer based security systems.
The majority of cyberattacks are not targeted at specific individuals or organisations but are opportunistic and look to exploit known vulnerabilities in computer systems that can be exploited. Cyber attackers, hackers and writers of malware use programs that are able to automatically exploit known weaknesses, poorly configured systems and weak passwords without consideration of the impact that it will have on the target.
Organisations should not look on the cyber security threat as being a technology problem, it is an organisational risk as it is the organisation that will be disrupted and it should be addressed at this level. Whilst technology is a natural part of the process to secure the organisation, most of the changes that are required in the attitude of employees to the risk and the management of the risk. Security needs to be an integral part of the business process, technology can assist in the implementation and management of the process but it can’t fully protect it.
There are some practical and basic steps that individuals and organisations should take in order to better protect themselves:
The security threat is not static and neither should the system resilience, to assist in maintaining resilience within the business systems:
To assist with this, the National Cyber Security Centre has produced a 10 Steps to Cyber Security resource at https://www.ncsc.gov.uk/guidance/10-steps-cyber-security.
The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Government believes that implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy. What Cyber Essentials does do is define a focused set of controls which will provide cost effective, basic cyber security for organisations of all sizes.
The Assurance Framework, leading to the awarding of Cyber Essentials and Cyber Essentials Plus certificates for organisations, has been designed in consultation with SMEs to be light-touch and achievable at low cost. The two options give organisations a choice over the level of assurance they wish to gain and the cost of doing so. It is important to recognise that certification only provides a snapshot of the cyber security practices of the organisation at the time of assessment, while maintaining a robust cyber security stance requires additional measures such as a sound risk management approach, as well as on-going updates to the Cyber Essentials control themes, such as patching. But we believe this scheme offers the right balance between providing additional assurance of an organisation’s commitment to implementing cyber security to third parties, while retaining a simple and low cost mechanism for doing so. The Scottish Business Resilience Centre maintains a list of organisation that can assist organisations to achieve Cyber Essentials at:
HIE is currently working with a range of its clients across the region who are working towards their Cyber Essentials accreditation. This has been running since September and included a one day intensive workshop and 1-2-1 support from a digital adviser to develop a Cyber Resilience plan. Any account managed organisations or businesses interested in this programme should contact their account manager or can email firstname.lastname@example.org
Firms encouraged to consider Pathfinder accelerator programme
Businesses across the Highlands and Islands are using digital technology in ever greater numbers, according to a new study published by the region’s development agency.
A free programme that supports life science and technology businesses accelerate their growth has opened for new applications.
A virtual award ceremony was held last night (Tuesday 23) to celebrate the winners of ‘Think Rural, Think Digital!’ digital competition.
Young people aged 18-35 in Scotland are invited to take part in a free 48 hour virtual ‘hackathon’, alongside peers from other parts of the North Atlantic region.
Shetland youngster showcases pioneering energy project
Broadband contract hands on to new multi million pound roll-out
A Highland project that has developed technology to support in-flight cabin crews dealing with medical events has secured up to £161,000 from Highlands and Islands Enterprise (HIE).
Nine businesses from the Highlands and Islands will start the latest edition of the Pathfinder Accelerator programme today (29 October), which aims to put them on the fast track to success.
QR codes providing easy access to latest information on local attractions.
Outdoor kits sent to Highland primary schools for Maths Week
A free programme to help businesses accelerate their growth has opened for new applications, with a virtual taster session arranged for 24 September.