Supply Chain Council of European Union | Scceu.org

Building resilience & strengthening your cyber procurement

4. Keeping up-to-date with emerging cyber threats

New advanced threats are being discovered daily. Resilience also means increasing your understanding of the threat landscape. Taking a proactive approach is essential so that methods can be adjusted before threats affect services.

As threats continue to increase in frequency and sophistication, so must our knowledge and preventative measures.

5. Business continuity disaster recovery plan

All organisations should have sufficient business continuity disaster recovery (BCDR) methods in place to make sure that they can resume normal operations in the event of an attack. The plan should include a complete approach to keeping your team productive during a cyber-attack.

The BCDR plan builds resilience by reducing the risk of data loss and enhancing operations, detailing emergency contacts and key staff.

Steps to strengthening cyber defences through the procurement process

With cybercriminals targeting supply chains and recent attacks such as SolarWinds, procurement can be an increasing concern for the public sector.

Criminals often target the weakest link within supply chains. It is imperative, therefore, that the procurement process mitigates these risks.

CCS worked in partnership with the NCSC to develop the Cyber Security Services 3 dynamic purchasing system (DPS). It provides a central route to buy NCSC assured services to help you improve your security function.

The DPS allows you to filter for NCSC assured services. You can also access suppliers who are not NCSC assured but hold alternative cyber security credentials.

The advantages to using NCSC assured suppliers are that they will have:

  • Met the NCSC’s standards and can be trusted to act in NCSC’s name.
  • A proven track record in delivering high-quality consultancy services.
  • Demonstrated a clear understanding of current and potential cyber threats and techniques, and of potential effective mitigations.
  • Been independently and rigorously assessed.
  • Shown that they act with integrity and objectivity.
  • Shown that they protect the customer’s confidentiality and integrity and comply with relevant laws and regulations.
  • A commitment to continuously improve the services offered to meet evolving customer needs.

One of the biggest supply chain challenges can be a supplier’s understanding or competence when it comes to cyber security. Accreditation is increasingly important for the public sector in strengthening cyber defences within the procurement process. Buying through a framework such as the Cyber Security Services 3 (CSS3) DPS ensures that your suppliers have had vetting checks such as Cyber Essentials.

Cyber Essentials is a government-backed scheme that allows organisations to carry out a cyber self-assessment, and provides an understanding of the organisation’s security levels. This will mean that your supplier has taken steps to safeguard their business against cyber threats and will assist in strengthening cyber defences within your supply chain.

How can CCS help?

Do you have a cyber security requirement? We have a dedicated cyber security team that can help you protect against the increasing complexity of cyber-attacks. For more information about Cyber Security Services 3, you can:
