{"id":3803,"date":"2016-11-12T17:31:34","date_gmt":"2016-11-12T17:31:34","guid":{"rendered":"http:\/\/trendytheme.net\/demo2\/wp\/markety\/?p=3803"},"modified":"2020-11-06T11:50:38","modified_gmt":"2020-11-06T11:50:38","slug":"cyber-essential-controls","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/cyber-essential-controls\/","title":{"rendered":"Is Cyber Essentials really effective?"},"content":{"rendered":"

The Cyber Essentials<\/a> scheme was developed by the UK Government. The scheme provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common Internet-based threats. The Government believes that implementing these measures can significantly reduce an organisation’s vulnerability. Many companies, however, do not implement these controls, and in the past, this has led to serious security breaches.<\/p>\n

<\/p>\n

(1) Boundary firewalls and internet gateways<\/h3>\n

\u201cInformation, applications and computers within the organisation\u2019s internal networks should be protected against unauthorised access and disclosure from the internet, using boundary firewalls, internet gateways or equivalent network devices\u201d \u2013 Cyber Essentials Scheme Requirements: Control 1.<\/p>\n

In February, the Central Bank of Bangladesh was the victim of an $81 million cyber heist. The attackers targeted $951 million; however, $850 million worth of transactions were blocked, and $20 million worth of transactions succeeded but have since been recovered.<\/p>\n

According to investigators, the bank didn\u2019t have a firewall in place and \u201cused second-hand switches bought for $10 to network computers connected to the SWIFT global payments system\u201d. The lack of a firewall made it easy for the system to be hacked and has also made it difficult for investigators to trace how the hackers executed the robbery.<\/p>\n

For more information, see here<\/a>.<\/p>\n

(2) Secure configuration<\/h3>\n

\u201cComputers and network devices should be configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role\u201d \u2013 Cyber Essentials Scheme Requirements: Control 2.<\/p>\n

One of the aspects that this control highlights is the need to change any default passwords. Earlier this year, one of NASA\u2019s drones was allegedly hacked by Anonsec (a hacktivist group). \u201cThe hack was executed through brute-forcing an administrator\u2019s SSH password left with a default password, which led to root access to three network-attached-storage devices.\u201d<\/p>\n

The hackers were able to obtain data on over 2,400 employees as well as flight logs and aircraft videos.<\/p>\n

For more information, see here<\/a>.<\/p>\n

(3) User access control<\/h3>\n

\u201cUser accounts, particularly those with special access privileges (e.g. administrative accounts) should be assigned only to authorised individuals, managed effectively and provide the minimum level of access to applications, computers and networks\u201d \u2013 Cyber Essentials Scheme Requirements: Control 3.<\/p>\n

In 2015, an employee accessed 10% of Morgan Stanley\u2019s customer files in an investment database. The employee also exposed hundreds of these details on Pastebin. \u201cData is the new currency, and employees have easy access to steal sensitive data for profit or to inflict damage\u201d, said Eric Chiu, president and co-founder of HyTrust.<\/p>\n

The employee was found to be a mid-level wealth advisor who somehow had access to thousands of records. In companies such as Morgan Stanley, mid-level financial advisors are usually only allowed access to the entire aggregation of a dataset. Only a few select high-level managers should be able to access the actual records.<\/p>\n

This incident is a good example of the consequences of giving special access privileges to individuals who do not need them.<\/p>\n

For more information, see here<\/a>.<\/p>\n

(4) Malware protection<\/h3>\n

\u201cComputers that are exposed to the internet should be protected against malware infection through the use of malware protection software\u201d \u2013 Cyber Essentials Scheme Requirements: Control 4.<\/p>\n

Malware refers to a variety of forms of intrusive software, including viruses and trojan horses, and has been used in cyber-attacks for the last 30 years. One cyber-attack on a small N.Y. marketing firm in 2010 highlights the importance of being protected against malware. Little & King LLC faced bankruptcy after a $164,000 online-banking loss.<\/p>\n

Just before the fraud occurred, the owner, Karen McCarthy, \u201cfound that her Windows PC would no longer boot and that the computer complained it could not find vital operating system files.\u201d It was confirmed that her computer had been infected with the ZeuS Trojan, which steals passwords and enables cyber-attackers to control computers remotely.<\/p>\n

For more information, see here<\/a>.<\/p>\n

(5) Patch management<\/h3>\n

\u201cSoftware running on computers and network devices should be kept up-to-date and have the latest security patches installed\u201d \u2013 Cyber Essentials Scheme Requirements: Control 5.<\/p>\n

In 2015, Adobe Systems patched a vulnerability in Flash Player. Within 4 days of the patch, cyber-attackers began exploiting the vulnerability on systems that had not yet deployed the patch. \u201cFlash is commonly viewed as one of the most insecure pieces of software by security professionals and has been targeted by numerous state and criminal hacking groups\u201d.<\/p>\n

The exploit was discovered by China-based hackers known as APT3. They targeted victims using generic phishing emails, and when someone clicked the link, they were served malicious SWF and FLV files exploiting the Adobe Flash vulnerability. APT3 attacked organisations in the following industries:<\/p>\n

\u2022 Aerospace and defence
\n\u2022 Construction and engineering
\n\u2022 High tech
\n\u2022 Telecommunications
\n\u2022 Transportation<\/p>\n

For more information, see here<\/a> and here<\/a>.<\/p>\n

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials<\/a>, the UK government scheme that covers all the fundamentals of cyber hygiene.<\/p>\n

","protected":false},"excerpt":{"rendered":"

The Cyber Essentials scheme was developed by the UK Government. The scheme provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common…<\/p>\n","protected":false},"author":3,"featured_media":6595,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4,11],"tags":[8,9,10,12,13],"yoast_head_json":{"title":"Is Cyber Essentials really effective? - CyberSmart","description":"How effective is Cyber Essentials? Can it really protect your business? We look at each of the scheme's five controls to find the answer.","author":"Jamie"}}