The timing for this year’s NCSC flagship conference (11/12 May 2021) could not have been more pertinent, with news headlines dominated by an increased cyber threat and ransomware attacks impacting critical infrastructure. The online conference, much of which is available on demand via YouTube, launched a number of new initiatives. As well as the updated 10 Steps guidance and a new early warning service (which will be the focus of this blog), Priti Patel used the platform to launch a review of the Computer Misuse Act and Dominic Raab issued a warning to Russia about sheltering the gangs and individuals behind ransomware attacks.
10 Steps Guidance
The 10 Steps guidance, first published in 2012 and updated on 11 May 2021, is now used by a majority of FTSE 350 organisations. It has been updated to reflect the changing risk profile of cyber, recognising threats raised by the increased use of cloud services, the move to large-scale home working accelerated by the pandemic, and the rise in ransomware attacks.
The guidance still covers key areas such as incident management and secure configuration, but has been updated to include new advice in areas such as supply chain risk (which has increasingly been seen as an area requiring improvement in many organisations) and to reflect wider NCSC guidance in areas such as cloud computing. It also covers certain issues, such as data protection, in more detail than it used to.
It is aimed at security professionals and technical staff at medium and large organisations that have dedicated resource to manage cyber security, although it may also be of interest to advisors. There is separate NCSC guidance that may better suit smaller businesses and senior management/boards at larger organisations.
In terms of messaging within organisations, the guidance consciously changes the language used, discussing the ‘benefits’ cyber security can bring rather than focussing purely on risks (a focus which can mean people view cyber security through a narrow, breach-response lens).
New alert service
On the same day, the NCSC also launched an early warning notification service. Organisations can sign up to this free online service, which provides alerts about potential cyber attacks on their networks. As part of GCHQ, the NCSC is able to access a variety of information feeds for this service, including several privileged feeds not available elsewhere. The service filters millions of events received by the NCSC every day and, using your IP and domain names, provides a daily notification (via the Early Warning portal) showing those threats which may be relevant to your organisation. The types of high-level alerts an organisation may receive range from incident notifications (activity suggesting an active compromise of your system) down to vulnerability and open port alerts (which suggest vulnerable services or apps are running on your network). Details on how to register for the service are available on the NCSC's site.