Cyber resilience: What does this mean for Scotland?
Organisations face an increasing number of threats from ransomware, data breaches and weaknesses in the supply chain, according to the National Cyber Security Centre’s (NCSC) annual report published earlier this year. This has become evident from the recent high-profile attacks on British Airways and Bristol Airport. Such attacks not only cost money but also cause reputational damage.
Ensuring that your organisation is cyber resilient should therefore be paramount. One of the easiest ways to achieve this is to undertake training from industry experts.
What is cyber resilience?
Cyber resilience enables organisations to bounce back quickly after a cyber attack while incurring minimal damage. This can be achieved through effective cyber security and business continuity practices, which also incorporate cyber incident response management.
Most businesses, however, aren’t able to pinpoint what ‘good’ security and continuity management looks like, which is why international frameworks have been developed to provide guidance. Two notable standards for cyber resilience are ISO 27001 (information security management) and ISO 22301 (business continuity management).
Implementing both standards ensures that organisations are not just secure, but also prepared for a disruptive incident, should one occur.
Why is cyber resilience so important to Scottish organisations?
In Scotland, the business case for becoming cyber resilient is even stronger, with the Scottish Public Sector Cyber Resilience Framework aiming to improve cyber security and promote cyber resilience in public sector organisations. It requires all Scottish public sector bodies to take cyber resilience measures and become ‘exemplars’ in online security. More importantly, public sector organisations must conduct staff awareness training to ensure the whole organisation is aware of its obligation towards cyber security.
Deadlines are yet to be confirmed for Scottish organisations in other sectors, but they too will need to have equivalent measures and controls put in place.
What does cyber resilience training entail?
- Staff awareness
Apart from taking effective cyber security measures, organisations also need to consider the human element of business, and this is where staff awareness training comes into play. According to a Kroll study, in the past two years, the number of data breaches has increased by 75%. Most of these were caused by human error, some of them as simple as sending an email to an unintended recipient – a mistake easily rectified by staff training.
- Training on cyber security
ISO 27001 is an internationally recognised standard that helps you ensure best practice and, ultimately, the confidentiality, integrity and availability (CIA) of corporate information assets and intellectual property.
Our training courses can help you to:
- achieve a solid foundation in complying with the standard and achieving best practice
- gain the skills to lead an ISO 27001-compliant ISMS implementation project
- or gain the necessary skills to conduct second-party (supplier) and third-party (external and certification) audits
Scottish organisations need to establish how cyber resilient they are
IT Governance is an acknowledged leader in Cyber Essentials training, ISO 27001, cyber security, data privacy, service management and business continuity management training.
We now have an office in Scotland, where we can assist local organisations in becoming cyber resilient. We can deliver Cyber Essentials advice and packages, gap analysis and penetration testing, and we have a range of staff awareness solutions available. Our subject-matter experts are based in our Edinburgh office, where they are waiting to discuss your security concerns.