Come the end of October 2018, the Scottish Government is set to raise the scare factor on this side of the United Kingdom, especially within Scotland's public sector.

No, not because it's the time of year when thousands of children come knocking on your door, dressed as all kinds of demons, demanding sugary snacks. This October is the deadline for all Scottish public bodies to achieve Cyber Essentials or Cyber Essentials Plus certification. It marks the start of Scotland's Cyber Resilience Strategy, one that ministers hope will be paralleled across the globe.

The Herald:

Deputy First Minister John Swinney's vision is for Scotland to become a world-leading nation in this field. If Scotland is to achieve this goal, its public sector must set a precedent for all others to follow. But with 60% of small businesses having been breached in the last year, and with almost 40% of Scottish SMEs spending nothing on IT security*, it seems that much of the public sector still needs to act.

With fears around cyber security more heightened than ever before, the Scottish Cyber Resilience scheme was developed in 2017 to lay the groundwork for ministers' long-term goal. The WannaCry ransomware attack of May 2017, which infected more than 300,000 computers, accelerated the entire programme. Since then, several requirements have been issued to the public sector setting out how government departments, local authorities and NHS boards can become more secure online.

While a large portion of Scottish public bodies already have cyber security measures in place, Scottish ministers aim for the entire public sector to become an exemplar in this field.

The following gives an overview of cyber resilience and explains the steps the public sector should be taking:

What is Cyber Resilience?

Cyber Resilience means an all-encompassing approach that covers not only protective measures but also measures to respond and recover if you are attacked. Since cyber security is a risk management exercise, you should always be prepared for the worst to happen: there is always residual risk, and some attacks will get through. That's why, to cover all your bases, you need to be resilient and not just secure.

ISO 27001 is the international standard for information security best practice, and specifies the requirements for implementing an information security management system (ISMS). An ISMS offers organisation-wide protection of all information in all its forms. By implementing an ISMS you would be in a position to identify risks and continue to protect against them. All leading cyber resilience programmes incorporate requirements that ISO 27001 lays out, which eases the process of implementation.

How do I become compliant?

By taking the necessary steps, sooner rather than later. Confirming that a Cyber Essentials pre-assessment has taken place, ensuring staff have undertaken cyber resilience training, and having a cyber incident response plan are just some of the initial actions the Scottish Government has proposed the public sector take.

Alan Calder, the founder and executive chairman of IT Governance, one of the Scottish public sector's preferred providers, says that it is critical that Scottish organisations start their compliance journey as soon as possible.

He said: “Cyber-crime is perhaps the single biggest threat to modern businesses and attacks are continually on the rise. The Scottish Government’s legislation is something that we as an industry welcome to encourage more organisations to effectively incorporate cyber resilience into their practices.

“What’s fantastic to see is that the scheme incorporates the requirements of leading examples of cyber security such as the international information security standard ISO 27001 and the UK Cyber Essentials Scheme, and that the Scottish Government has acknowledged that effective business continuity management makes up a crucial part of a comprehensive cyber resilience programme.”

Where can I get support?

IT Governance has helped thousands of organisations with their compliance journeys, including the University of Edinburgh and Glasgow City Council.

The Scottish Government has listed a range of existing standards, guidelines and controls that can contribute to increased cyber resilience. IT Governance can help organisations meet compliance obligations through the implementation of an ISO 27001-compliant ISMS, business continuity management, incident response management and penetration testing.

IT Governance has recently opened a brand-new Edinburgh office to further support local organisations, and the Scottish public sector, in aligning their cyber resilience strategies with international best practice. The company is a specialist in ISO 27001 implementations, CREST-accredited Cyber Essentials certifications, penetration testing, PCI DSS and the GDPR. Visit their website, itgovernance.co.uk, for more information about cyber resilience products and services, or email servicecentre@itgovernance.co.uk or call 0131 5641214 to get in touch with the consultancy team.

* https://www.scottish-enterprise.com/knowledge-hub/articles/insight/cyber-security-and-why-it-matters

This sponsored article was brought to you by IT Governance.