Working together for a resilient Birmingham.


Cyber Security

Technology is becoming more advanced, and so are the threats to cyber security, whether in relation to the internet, wider telecommunications networks or computer systems. It is therefore essential for businesses to look at ways of reducing their vulnerability to these threats. The April 2012 Information Security Breaches Survey (by PwC) found that 1 in 7 businesses had been the subject of hacking attacks in the last year.

The Government’s 2010 National Security Strategy identified cyber attacks on the UK as a ‘Tier 1’ threat, meaning that it is a high priority for action.

The Cabinet Office has published the UK ‘Cyber Security Strategy’, which looks to build a more trusted and resilient digital environment. There are a number of bodies that work to reduce the threat from cyber-attacks and improve cyber security. The Office of Cyber Security and Information Assurance (OCSIA) supports the Minister for the Cabinet Office and the Security Council in determining priorities in relation to securing cyberspace. The OCSIA, alongside the Cyber Security Operations Centre, works with lead government departments and agencies such as the Centre for the Protection of National Infrastructure (CPNI).

As outlined by the UK Cyber Security Strategy, the most attractive targets within a business are intellectual property and commercially sensitive information (e.g. business strategies). In addition, services which rely on or are delivered via cyberspace can be taken offline by cyber criminals, damaging revenue and reputations.

In 2011, Sony announced that attacks had been made on the PlayStation network. This compromised the personal details of 100 million users, and resulted in the shutdown of the network for several weeks. Full costs were estimated at $171 million. The cost of cyber crime to the UK has been estimated at £27 billion per year (UK Cyber Security Strategy, Cabinet Office).

The CPNI states that confidentiality, integrity and availability of information are important aspects of a business. Therefore, protecting information should be at the centre of any business security plan.

The advice below is suitable for both public and private sector organisations to help minimise the risk from cyber threats.

Companies or individuals who initiate active attacks on others may do so for a range of reasons, such as to breach national security or to take part in acts of terrorism, crime or industrial espionage. To secure against such attacks, the CPNI are advising businesses to consider the following questions and to keep these under constant review:

Carelessness is the cause of many cyber failures, for example failing to encrypt a USB or staff ignoring corporate procedures regarding external emails.

Here are a few steps which can be taken to ensure the safety of your information and to minimise the risks of a successful cyber-attack.

  1. Keep track of authorised and unauthorised devices and software.
  2. Organise both hardware and software on laptops, work stations and servers.
  3. Continually review vulnerability assessments.
  4. Install defences against harmful software.
  5. Introduce and promote training for staff.
  6. Limit and control network ports.
  7. Control use of desktops, e.g. by using strong passwords that follow known standards.
  8. Keep detailed logs, identifying location, malicious software deployed and activity of machine affected.
  9. Control access to facilities, information and systems on a need to know basis.
  10. Monitor staff accounts appropriately.
  11. Establish data loss prevention techniques.
  12. Embed incident response plans (protect your organisation’s reputation).
  13. Maintain a secure network.
  14. Reinforce staff messages around vigilance, e.g. only opening emails from trusted senders and reporting breaches of security.

The Top Twenty Critical Security Controls (TTCSC)

CPNI are participating in an international government and industry effort to promote the top twenty critical controls to enhance computer and network security. The TTCSC are a baseline of information security measures and controls which can be applied to improve an organisation’s cyber defence and enable companies to adapt to advancing technologies and methods of attack. By following the 20 steps, your business can become more resilient towards cyber threats.

More information on cyber security and the above guidance can be found at
