Expert Comment: NCSC offers updated cyber risk advice to practitioners
The National Cyber Security Centre (NCSC) has updated its risk management guidance to help practitioners manage cyber risk. It said this reflects changes in cyber security, technology and global politics since the last update, which was five years ago. The update aims to offer practical advice based on the experience of working on risk management problems, feedback from users and research by the NCSC’s sociotechnical and risk group.
Sylvain Cortes, VP Strategy & 17x Microsoft MVP, Hackuity, says: "It’s encouraging to see the NCSC has updated its risk management guidance.
The pace of digital change in the past few years has been significant and cybersecurity guidance needs to keep up.
For organisations that are looking to build a solid foundation in risk management, the guidance provides essential, practical advice.
The guidance on “Assess[ing] your vulnerability” is particularly pertinent at a time when attackers can easily exploit unpatched vulnerabilities within a network.
Unfortunately, the majority of organisations still have numerous fragmented tools and scanners which over-complicate their pursuit of unpatched misconfigurations and vulnerabilities.
To build on the advice of the NCSC: organisations should not only assess their network and keep track of the latest developments of real-world attacks, but they should also look to prioritise consolidation of their cybersecurity tools. Not only will this save time and money amid tight budgets and an even tighter bandwidth, but it will enable vulnerability and risk remediation to become easier and clearer than ever before."