Cyber Essentials is a certificate that demonstrates a Company applies the security controls that stop 90% of the attacks on the internet.
Every day there are people attempting to attack any computer attached to the internet. They are not trying to attack a specific computer. These people, motivated by money, have the ability to exploit known vulnerabilities and search for computers with those vulnerabilities.
Once they have found a computer that they can access, they look at it to see how to monetise it. They might use ransomware which is the encryption of all the files and asking the owner to pay to have the files decrypted or they might start bitcoin mining which using the infected computer to produce bitcoins, a form of money. They may find sensitive or personal data that they can sell to others to monetise.
Whatever bad thing they choose to do, it will always be costly for the victim. Ransomware has an obvious cost unless you have spent time ensuring you are backed up, bitcoin mining will slow your users computers and loss of personal data reduces trust in your company and can result in fines of up too 10% of turnover under GDPR.
The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities – which are freely available on the internet. The five controls are:
Boundary firewalls and internet gateways
Complying with Cyber Essentials controls significantly reduces the risk of your organisation becoming a victim of a cyber attack. The certifications show your customers that you care about the security of their information and help you win their trust . It is a good way of demonstrating due diligence to the information commissioner in support of GDPR compliance. Cyber Essentials is mandated in most UK government tenders and the supply chain of many FTSE100 companies. Also, almost all companies in the UK Defense supply chain will require Cyber Essentials from April 2019.