The UK official NCSC (National Cyber Security Centre) has made a change to its assured Cyber Incident Response (CIR) scheme, by adding a second level. Companies assured by the NCSC to offer CIR services will be designated Level 1 or Level 2.
As the NCSC says, its CIR scheme is for organisations experiencing a cyber attack to identify trusted providers of commercial incident response services, who can investigate and help in recovery from a cyber attack, and advise on how to prevent attacks.
Until now, the CIR scheme has focused on assuring companies that can provide incident response services to organisations running computer networks of national significance, such as central government, critical national infrastructure (CNI) such as utilities; and regulated industries. These, the NCSC adds, are at particular risk of targeted and complex attacks by nation-state actors.
All Level 1 Assured Service Providers are capable of dealing with all types of cyber incident for all types of organisations. The NCSC strongly encourages organisations running networks of national significance to contact a Level 1 company if they experience a cyber attack. It is especially important that all organisations use a CIR Level 1 provider if they think they have been the victim of a highly sophisticated attack.
Level 2 companies are assessed as capable of supporting most organisations with common cyber attacks, such as ransomware. This includes the private sector outside of CNI sectors, charities, local government and smaller public sector organisations.
Chris Ensor, Deputy Director of Cyber Growth at the NCSC, said: “Falling victim to a cyber attack is really stressful. Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cyber security world. For many years, we have Assured Cyber Incident Response services for organisations targeted by the most sophisticated threat actors.
“I am really pleased that we can now assure a similar service for any organisations affected by criminal threat actors, a service that will be good enough for the majority of incidents that smaller organisations face. The NCSC badge will give confidence that the company they use has the right expertise to help them.”
Reporting a cyber attack or incident –
If your organisation has been the victim of a cyber attack, the NCSC recommends that you start by visiting https://www.gov.uk/report-cyber to identify where you should report your incident.
Find a list of NCSC Assured Cyber Incident Response providers –
Visit the CIR scheme “Find a provider” page on the NCSC website.
Comment
Joseph Carson, Chief Security Scientist & Advisory CISO at the cyber firm Delinea, said: “As with all government best practices and guidance, they must stay current to be deemed as valuable and actionable for all businesses to reduce the risks of becoming victims of cyberattacks. The latest update to the Cyber Incident Response (CIR) scheme from the National Cyber Security Centre (NCSC) brings in a new level, meaning more companies will be able to provide high quality incident responses services. The new update is an important and needed refresh that will provide all organisations with a service that will be relevant for most cyber security incidents, rather than a focus on purely organisations running networks of significance, such as central government, critical national infrastructure, and regulated industries.”
