Cyber security: Non-negotiable basics

Today, organisations are rightly working to ensure their internal networks, data assets and customer- and client-facing websites are well protected and that business continuity and response plans are in place in the event of a cyber attack. The cost of cyber breaches can be ruinous, not only because businesses temporarily go offline, but also because of the long-term reputational impact that comes with the loss of customers' and the public's trust.

The Chartered IIA's Mind the Gap research looks at how cyber risk has been particularly exacerbated by the coronavirus pandemic. Businesses have had to juggle competing priorities and operational disruption whilst ensuring that remote devices and networks are secure. At the same time, criminals have sought to exploit remote working protocols by increasing the pace and sophistication of cyber-attacks.

To help you make sense of this growing risk area, our cyber security report ‘Mind the Gap: Cyber security risk in the new normal’ is a tool enabling you to provide assurance on cyber security culture within your organisation.

By now all organisations should, at the very least, be certified under the UK government's Cyber Essentials scheme, which encompasses five key technical controls:

  • Boundary firewalls and internet gateways
  • Secure configuration
  • Access control
  • Malware protection
  • Patch management

To achieve the basic-level certification, organisations must self-assess their systems and this must then be independently verified. The second level of certification, Cyber Essentials Plus, goes a step further by requiring that systems are independently tested and that Cyber Essentials is integrated into the organisation's information risk management.

However, the mitigation of cyber security risk means more than simply updating firewalls and malware protections. While critical, such measures alone fail to account for the scope of future risks associated with cyber and technology vulnerabilities. Organisations, through strong governance, risk management and third-line assurance, must work hard…