Cyber-attacks have never been more prevalent or more sophisticated. Research from the UK Government explored the impact of cyber-attacks over the last year and described the situation as “Cyber security breaches and attacks remain a common threat.” In terms of business costs, research from IBM has reported staggering figures, with the average cost of a cyber-breach to an organisation reaching $4.3 million (£3.5 million). Security is a critical element of safe working, not only for the organisation itself but for the entire ecosystem of clients and suppliers.
This is why Intratone takes security seriously; in fact, security is integral to our technology and our everyday business. To demonstrate Intratone’s commitment to security, we proudly announce that we have been awarded a Certificate of Assurance under the Cyber Essentials Scheme.
What is the Cyber Essentials Scheme?
The UK’s National Cyber Security Centre (NCSC) connects industry and government to provide government-backed advice, guidance, support, and certification on all matters of cybersecurity. One of the aims of the NCSC is to reduce the cyber risk level of the UK by ensuring that public and private sector networks are secured.
The Cyber Essentials Scheme is a government-backed initiative run by the NCSC and certified by external assessors covered under the IASME Consortium. The Cyber Essentials Scheme aims to ensure that any organisation participating in the scheme is fully prepared for a cyber-attack and proactively responds to any potential threats. Receiving a Certificate of Assurance from the scheme demonstrates that the organisation has a security-first mindset and is prepared for common cyber-attacks, including phishing, social engineering, and exploitation of vulnerabilities.
Cyber Essentials five control categories
When an organisation goes through the Cyber Essentials certification process, it must prove that it takes security seriously. This means that the certified organisation must comply with specific security best practices that build layers of protection. These practices come under five cyber security controls:
Firewalls act as a perimeter defence around a company, helping to stop external cyber-attacks. There are several types of firewalls, and some devices, such as routers, may include an in-built firewall. However, a dedicated “boundary firewall” will create a protective layer around a corporate network to prevent inbound attacks.
Devices and software often come ready to use with default settings, including passwords and other configurations affecting security. Research has shown that misconfiguration can be linked to 35% of all observed incidents. This includes issues such as default passwords; cybercriminals will brute force equipment such as IoT devices that may use easy-to-guess default passwords. A survey by analyst Forrester found that a third of security decision-makers said “corporate IoT devices were the top target for external cyberattacks.”
Cybercriminals are exploiting the fact that having someone else open a door authorised to do so is simpler than smashing the door down. User accounts are targeted to allow cybercriminals to walk through the corporate network door. Administrators are often targeted as they have extra privileges. Research has found that smaller businesses suffer from 350% more threats than larger companies, with targets focusing on senior staff with privileged access.
Malware includes the dreaded ransomware, which causes companies to stop working as their data becomes encrypted and unavailable. This data is also often stolen and used as part of the ransom process. As of 2023, over 72% of businesses worldwide have been affected by ransomware. Ransomware and other malware can enter a corporate network from many sources, including phishing emails, infected websites, and vulnerable and unpatched devices and software.
Security update management
Many types of cyber threats exploit a vulnerability somewhere along the attack chain. For example, a phishing site may locate a flaw in a browser and use this vulnerability to install malware. Security update management is an essential part of security as this ensures that security patches are deployed and installed promptly.
What did Intratone do to get certified?
Becoming Cyber Essentials certified requires a company to follow a process that includes the following:
- A self-initiated assessment that demonstrates its cybersecurity approach based on the five controls. This comprises an online questionnaire that gathers information about the company’s proactive approach to cybersecurity.
- An external audit by an accredited Cyber Essentials assessor. The assessor scrutinises the questionnaire responses and maps them against the expected security requirements of the NCSC.
If a company is successful, the organisation will be awarded Cyber Essentials certification. You can find Intratone’s certification status on IASME’s website by searching under “Certificate Search.”
Why is Cyber Essentials important?
According to the UK Government talking about Cyber Essentials recommendations, “80% of cyber-attacks could be prevented if businesses put simple security controls in place.” A Cyber Essentials certification demonstrates that an organisation takes security seriously and has a security-first approach that extends to protect its supplier and client ecosystem. Once an organisation has been successfully validated using the Cyber Essentials assessment process, they are in a great position to reassure clients and suppliers that they are cyber-trustworthy and will work to secure the ecosystem against cyber-attacks. In an era where cybercriminals target supply chains, it is important to demonstrate through external validation that your company has developed a culture of security to protect against internal and external threats.
Going forward, Intratone will continue to build layers of protection against increasing cyber-attack volumes. As the threat landscape morphs and takes advantage of new technologies such as generative AI, Intratone will continue to monitor and adjust our security posture. Intratone takes security seriously, which is why our own technology and products are security centred.