Cyber Essentials Changes: Critical Updates

  • Home
  • Blog
  • Cyber Essentials Changes: Critical Updates
image
  • Posted On: January 20, 2022  

Executive Summary

Cyber Essentials is set to receive its biggest update yet soon, on 24th January 2022. The government-backed scheme, which is organised by the National Cyber Security Centre (NCSC), is a way for businesses to showcase their cybersecurity credentials, and reassure their customers and clients how committed they are to protecting all of their sensitive information from the most common online threats. With the update fast approaching, we’ve put together a series of blogs to explain what all of the biggest changes are.

What’s changed?

To get the Cyber Essentials accreditation, your company or organisation will need to meet all of the NCSC’s key requirements. Since the workplace landscape has changed so much over the past few years, these requirements have had to evolve as well. One of the major changes concerns software updates. All high and critical updates to your software and devices must be applied within 14 days, and automatic updates should be enabled wherever possible. Any software on devices that fall under the scope of the scheme, meanwhile, must be licensed and supported, and any unsupported software must be removed.

Why has this changed?

The critical updates are defined by Cyber Essentials as ones that fix vulnerabilities described by the vendor as ‘critical’ or ‘high risk’; address vulnerabilities with a CVSS v3 score of 7 or above; or if there are no details on the level of vulnerabilities being fixed. There used to be a set criteria updates needed to meet, but now organisations need to apply all high and critical updates to their systems.

Organisations can no longer be selective about which patches they use, as even the smallest vulnerability could leave them susceptible to cyber attacks. Recently, a vulnerability in the Microsoft Exchange System made headlines, and quickly escalated from a complex state actor attack to a ransomware attack. It’s for this reason that, if businesses want to meet the Cyber Essentials requirements, then they’ll need to ensure every update is applied as soon as possible.

Make sure to check out the rest of our Cyber Essentials blogs, which cover everything from home routers and cloud services to multi-factor authentication, and keep an eye out for the last in the series. To find out more about the new requirements for Cyber Essentials, or learn how we can help your business to make all of the necessary updates, get in touch with us.



Would you like to talk to us and find out more about our services?

Please fill in the form below and one of the team will get in touch.

About Us

Established in 2013, Cyber Security Associates Limited (CSA) provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat. We have built our team from a foundation of Government (ex-Military) and Commercially experienced specialists all holding current and relevant cyber certifications. Today our core services are based around a 24/7 Security Operations Centre (SOC) based in Gloucester.

News & Resources

Quick Links

Contact Information

Phone: +44(0) 300 303 4691
Email: [email protected]
Address: Head Office, Unit 11, Wheatstone Court, Waterwells Business Park, GL2 2AQ
Sign up for our newsletter


cert

2024 Cyber Security Associates Ltd - All Rights Reserved | All Logos and Trademarks are © or ™ of there respective owners