IT suppliers will now have to fully comply with the five security controls in the Cyber Essential Scheme (CES) starting from the 1st October.
CES was first created by government in the summer with the intention to improve UK business cyber security. It laid out the fundamentals in ensuring businesses have preventative measures in place in the event of a Cyber-attack.
It will now be compulsory to follow the five security controls laid out in the CES and a certificate will be awarded to those businesses that do follow it.
CES provides support on:
- Secure configuration
- Access control
- Malware protection
- Patch management
- Firewalls and internet gateways
- Commercial Incentives
This will not only ensure every IT supplier is taking the necessary steps to protect themselves, but it will also give larger businesses assurances that the IT suppliers they use are not vulnerable to security threats. Big Businesses like BAE, Barclays and Vodafone all endorse the scheme and HP is even notifying all their suppliers to adopt this scheme.
In the wake of security threat ‘Heartbleed’ and most recently the ‘Shellshock bug’, it is vital that all IT suppliers adopt such schemes to ensure they are not susceptible to Cyber-attacks.
For more information on CES see http://www.scmagazineuk.com/uk-government-contractors-must-comply-with-cyber-essentials/article/373805/.