Cyber Security Blog

Stay ahead of the curve with industry trends, cutting edge tech and inventive strategies.

Customer case study: Cyber Essentials

Cyber Essentials (CE) is a government-backed cyber security certification scheme that sets out a baseline of cyber security suitable for all organisations. The scheme’s five security controls can prevent “around 80% of cyber attacks”. The certification is a valuable indicator that the organisation has taken the necessary measures to bolster cyber security and reduce the risk of a cyber attack.

As one of the few Cyber Essentials Certification bodies in the Midlands, we were approached by a leading Engineering company who were informed quite late in a Tender process that they required Cyber Essentials and Cyber Essentials Plus. They needed to work quickly to secure these certifications to continue with their Tender bid. The company had over 100 employees, with an IT infrastructure which had been built upon over many years.
 
What did we do?

We worked closely with them on their Cyber Essentials Self-Assessment to identify the answers from their environment, and also to make some recommendations of policies and procedures that they need to implement to pass the self-assessment. This was passed with only 1 minor non-compliance.

To achieve Cyber Essentials Plus, we had to perform a vulnerability assessment and security review of the companies infrastructure. This required on-site visits to run the software and assess the workstations in the office.

What did we uncover?

During the initial scans, we flagged up multiple issues which the company was not aware of. These included workstations which were not fully up to date with Windows updates, and out of date software still in use on various machines.

The Cyber Essentials Plus standard mandates that all software must be up to date and in support by the manufacturer. All updates must be installed within 30 days of release. If this is not performed, then it is an instant failure point.

We worked regularly with the company to ensure that remedial actions were performed and would be compliant with the CE standard. The company was certified within 2 weeks of passing their Self-Assessment.

Ready to achieve your security goals? We’re at your service.

Whether you are a CISO, an IT Director or a business owner, Equilibrium has the
expertise to help you shape and deliver your security strategy.

Latest posts