Last week we embarked upon a series of articles designed to shed further light on the various cyber security programmes and certification schemes available for companies seeking to reinforce their cyber resilience. Today we take a look behind these solutions to focus on what being certified actually means...
At the start of 2018 global internet penetration was above 51 percent, meaning that there were almost 4 billion people in the world who were potentially open to cyber security threats. These numbers have grown in the last 18 months, and continue to do so, meaning that the importance of having a robust security framework in place, guided by approved, independent auditors, is hugely significant and becoming ever more so.
Indeed, the need for cyber security-trained professionals is higher than it has ever been, with ransomware malware now able to attack 150 different countries around the world and recent cyber-attacks against very high-profile organisations all illustrating just how high the level of vulnerability to potential cyber criminals really is.
It is an unfortunate fact that there has been a relative scarcity of cyber security professionals in recent years, with many companies not having any such position in their organisational hierarchy. Those that do have the resource have not necessarily ensured that the right certificates and programmes are obtained and taken, with the level of knowledge required to be fully compliant often found lacking.
One example of this came when the GDPR was enforced last year in the UK, unearthing the fact that there were lots of companies processing high enough volumes of personal data to be required to employ a Data Protection Officer in the pursuit of compliance.
The NCSC recently announced their impending partnership with the IASME Consortium, meaning that the Cyber Essentials and Cyber Essentials Plus certification schemes will only be valid via IASME as of April 2020 – which in turn means that many companies and organisations will now have to reapply for these standards.
CRIBB Cyber Security is part of TheICEway ecosystem, a complete digital solution that has been helping clients in the cruise industry for more than 20 years. We are therefore very well-versed in the many (growing) cyber security threats the industry faces and responded by developing the CMCA solution for cruise: ‘CRIBB Maritime Cyber Assurance’. The interest in this product is growing alongside the huge digital growth seen in modern cruise liners, and we are preparing for a busy time in 2020.
Despite all of this, however, there do remain those who are sceptical of the various certification schemes and we feel it is as good a time as any to highlight some of the key advantages companies with certification have over those companies that do not:
Quite simply, any company ‘worth its salt’ will always strive to comply with rules and regulations designed to offer protection and reduce risk. There is no getting away from the fact that the world today is powered by technology, and as any person familiar with a SWOT analysis can tell you, no matter how invulnerable something may seem, there are always weaknesses to exploit and threats that can find and expose them. Cyber security is designed to stop cyber-attacks, and certification in this from an approved, independent auditor is proof that the measures a company has in place are robust enough to lead to-
• Peace of mind for you and your partners
Not only does certification lead to greater levels of compliance, which lessens the risk factor, but it naturally also breeds greater confidence in you and your partners. In a future article we will take a look at the supplier chain and external threats from companies and people, but just imagine how you would feel knowing that you were as compliant as possible, and that your partners knew it too? You might say that certification is-
• A symbol of trust
Actually you would say that, because it absolutely is a symbol of trust and one that is growing in visibility and recognition. Whether it be certification in Cyber Essentials, Cyber Essentials Plus, PCI DSS Compliance or otherwise, the value of certification for cyber security in this modern age is huge. It is so huge in fact that more and more companies are choosing to only work with partners who are certified, to the extent where it is not inconceivable that this will be the standard in the not-too-distant future.
Global internet penetration – Literally the number of people using the internet worldwide; this was just short of 47% in 2017, a little over 51% in 2018 and is projected to be heading towards 54% in 2021 / 2022.
Ransomware Malware – A type of malware (any software created and designed with the intent of causing damage) from cryptovirology that either threatens to publish the victim's data or threatens to permanently block access to it unless the victim pays a ransom.
GDPR – The General Data Protection Regulation, a regulation in EU law on data protection and privacy for citizens of the EU and the European Economic Area. GDPR also deals with personal data transfers outside of the EU and EEA.
NCSC – The National Cyber Security Council, a UK Government organisation providing support and advice to the public and private sectors on computer security.
IASME Consortium – Formerly, IASME was one of five companies appointed as Accreditation Bodies for the Government's Cyber Essentials Scheme. As of April 2020, IASME will be the sole Accreditation Body in partnership with the NCSC.
For more advice on certification and cyber security in general, why not contact one of our professionals? They are fully-qualified and certified themselves, and are always happy to help!