search
Contact us

Search

search
layer 1 layer 2 layer 3 layer 4 layer 5 abstract shapes

BCN Podcast: Cyber Security Series, episode 1

In this series, we examine the cyber security journey businesses should be taking and where to begin if they’re not yet onboard.

Listen now to our first podcast, hosted by Peter Filitz, Head of Business Development, with BCN’s Michael O’Neill, Managed Security Services Director and Simon Edwards, Head of Compliance. 

Summary 

  • Cyber Security remains a constant threat to businesses of all sizes, not just large organisations, with new, more sophisticated threats emerging all the time.
  • BCN’s Cyber Security Journey helps clients get a foothold on improving their cyber security posture, and better protect staff, customers and the business 
  • Cyber Essentials certification or having the required controls in place is the ideal first step, mitigating 80% of threats.  

Welcome! In this cyber security podcast series, we’ll share the trends we’re seeing in the IT and business technology space, exploring how they can have a positive impact on your business. 

 

The ever-changing landscape 

We opened our discussion by commenting on new threats and new targets; the devious ways that bad actors are infiltrating businesses big and small right now. SaaS and the misconfiguration of cloud environments are fast becoming common areas for attack, plus the methods used are increasingly undetectable, such as ‘Quishing’, a QR code scam which leaves users none-the-wiser.  

Throughout 2023 so far, SMEs have increasingly become targets for ransomware gangs, so it’s not just the bigger businesses that are targeted. What’s more, 13% of victims will pay, though there’s no guarantee that data will be unlocked. A continuous challenge is the changing landscape of cyber security. What has been reviewed and deemed adequate today is outdated in three months’ time. Businesses need to undertake ongoing processes to ensure thorough protection. So where should they start?  

 

What stages are you at? 

We know it’s difficult for businesses to make sure they have the right systems and applications in place to protect themselves, and have engaged with many to understand their pain points. BCN’s Cyber Security Journey has been developed to help clients, regardless of what stage they are at. To do this, we assess where a business’s plans are and can categorise them as follows:   

  • Reactive: limited security posture relies primarily on reactive, basic, ad-hoc measures.  
  • Proactive: implementing more advanced security measures, such as annual assessments and encouraging employee training. 
  • Managed: many security measures, ISO adherence, modelling tools, incident response plans and regular assessments. 
  • Embedded: security is integrated to all aspects of the business and viewed as an enabler, aligned to the business goals and growth. 

Our roadmap, with its baseline marks to hit, can take businesses on the journey towards having embedded cyber security status and ensure they are best protected.  

 

Cyber Essentials: a great place to start 

Simon explained that the best place to start is Cyber Essentials, a UK Government-backed scheme designed to improve a business’s overall cyber posture. Working towards certification (whether obtained or not) ensures that specific controls are in place (also favourable for insurance renewals, tenders and client relationships).  

“Eighty per cent of attacks are eradicated by having Cyber Essentials in place, so just having the controls, those five controls that Cyber Essentials requires, will eliminate a huge chunk of any chance of being hacked maliciously,” Simon said. 

It’s a proactive approach in essentially safeguarding data and the business, by implementing standards and best practices. BCN promotes this scheme to clients but is also taking steps to become an approved Cyber Essentials assessor “so that we’re in the best possible place to advise clients on their security posture,” Michael explained. 

For businesses to take security seriously, you also need to be compliant all year around, not just once a year. BCN is working to deliver a managed service that will monitor, report and alert on anything that falls out of compliance with Cyber Essentials. This is in addition to other services, such as year-round vulnerability scanning and remediation, in order to identify issues before they become an issue.  

 

Parting words 

As this first episode drew to a close, Peter asked the panel for any parting words. 

Michael’s top five basic things to consider:  

  1. Educate staff and check on policies.   
  1. Achieve Cyber Essentials and/or Cyber Essentials PLUS.  
  1. Pay attention to updating software and hardware.  
  1. Encrypt data where possible, including back-ups. 
  1. Test your back-up and DR plans regularly.  

Simon: “Cyber Essentials might not be for every business, but it’s important to take away and review the controls which are part of Cyber Essentials. The users are always the weakest link, so have security awareness in place and take it seriously.”  

Peter: “Working towards an industry-recognised business benchmark is definitely something most businesses should strive towards, even if they’re not going for the certification. After looking at the stats today, it’s clearly not a question of if, but when, and making sure you are adequately prepared for such an event to help navigate your business, your staff and your customers through that is really important.”  

BCN is committed to doing our part to make the digital world safer for everyone. That is why we have a dedicated, specialist team to engage clients and developed our Cyber Security Pledge – created to help protect your business from cyber threats.

Ready to start your Cyber Security journey?

Get in touch today down down down
;