The UK official National Cyber Security Centre (NCSC) it is opening a second level within its Cyber Incident Response (CIR) scheme. Bridewell, CYSIAM, LRQA Nettitude, NCC Group, Quorum Cyber, and WithSecure are its first assured providers.
The idea is that victims of a cyber attack can identify providers of incident response services, from firms of assured quality. If an organisation has experienced a cyber attack, this means they can turn to cyber companies to investigate and recover from an incident.
Martin Riley, Director of Managed Security Services at Bridewell, pictured, said: “It’s a testament to our team and a privilege to be one of the first organisations to achieve CIR level two. It continues to demonstrate our strength and capability within Incident Response and supports our journey to becoming level one. We look forward to supporting more organisations as we help them recover from incidents and provide guidance so they can defend against future threats.”
CREST is a not-for-profit accreditation and certification body and those six ‘assured’ firms are CREST members. Nick Benson, CEO of CREST said: “The NCSC’s Cyber Incident Response (CIR) scheme is designed to help cyber-attack victims find reliable providers of incident response services. Aimed initially at those organisations targeted by the most sophisticated threat actors, the scheme’s level 2 expansion now includes organisations of all sizes.
“As the first NCSC CIR scheme delivery partner, CREST is delighted to congratulate Bridewell for becoming one of the first level 2 NCSC CIR Assured Service Providers. This reflects the company’s ability to help private sector organisations, charities, local governments, and smaller public sector organisations recover from cyber-attack. And gives buyers the confidence that Bridewell has the necessary capabilities to help them.”
Some background
CREST says that Level 1 Assured Service Providers are capable of dealing with all types of cyber incident for all types of organisations. Level 2 companies are assessed as capable of supporting most organisations with common cyber attacks, such as ransomware, including the private sector organisations outside of CNI (critical national infrastructure), councils and charities.
And Chris Ensor, Deputy Director Cyber Growth at the NCSC, said: “Falling victim to a cyber attack is really stressful. Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cyber security world. For many years, we have Assured Cyber Incident Response services for organisations targeted by the most sophisticated threat actors.
“I am really pleased that we can now assure a similar service for any organisations affected by criminal threat actors, a service that will be good enough for the majority of incidents that smaller organisations face. The NCSC badge will give confidence that the company they use has the right expertise to help them.”
