UK government security experts have encouraged UK businesses to embed best practice security in their supply chains using what is known as a ‘playbook’. So far Cyber Essentials as a whole has not been warmly received and the take-up figures are disappointing. The study claimed just 3% of UK businesses are accredited, rising to 21% of large organisations.
The National Cyber Security Centre (NCSC) recently said the government’s Cyber Essentials (CE) scheme should be used as an assurance mechanism. It can be deployed in combination with a new NCSC Supplier Check tool, which enables organisations to check which of their suppliers are certified, and find out if they are CE or CE Plus.
The playbook itself contains usable advice, tools and resources to help businesses embed Cyber Essentials in their supply chains.
There are seven defined steps:
- Assess your risks: Understand your supply chain and any security risks that may affect your operations/reputation/contracts/safety
- Profile your suppliers: Define a set of supplier security profiles
- Set requirements: Consider a minimum set of security requirements for each profile, using Cyber Essentials to help where appropriate
- Communicate expectations: Consider how to communicate and enforce minimum security requirements with suppliers
- Incentivise Cyber Essentials adoption
- Embed Cyber Essentials adoption into procurement processes
- Monitor adoption via the Supplier Check tool
Cybersecurity minister Liz Lloyd said: “There have been too many occasions where we’ve seen first-hand the impact that cyber-attacks can have on businesses. Supply chains can provide numerous points that attackers look to exploit, but only 14% of firms are on top of the potential risks faced by their immediate suppliers.”
“That’s why we wrote to the UK’s leading companies, to set out steps to bolster their cybersecurity – including a specific action on securing supply chains using the Cyber Essentials scheme – which should be a priority for every company.”
The NCSC said Cyber Essentials is a great way for organisations to improve baseline security posture, stating that 43% suffered a cyber-attack over the past year. The NCSC also reminded those UK businesses with a turnover of under £20m that CE certification entitles them to free cyber-liability insurance, including professional incident response support.
Yet only a small percentage of nearly six million private sector businesses in the UK have Cyber Essentials certification.




















