Arculus Cyber Security Newsletter September 2021
Welcome to the inaugural Arculus Cyber Security Newsletter.
CREST Accreditation of Arculus
As a specialist provider of cyber security consultancy and penetration testing services, Arculus has been accredited by CREST as a Penetration Testing Service Provider. Our dedicated team is highly experienced in delivering successful cyber security outcomes for customers in the public and private sectors.
Ian Glover, President of CREST, said “Arculus is one of a growing number of specialist SME consultancies to invest in its people and processes to deliver high-quality penetration testing services. CREST accreditation reflects this commitment and provides internationally recognised validation of its business processes, data security and testing methodologies, putting the company in a strong position to take advantage of the growing demand for trusted penetration testing services.”
Our very own Austin France, Arculus Director and Principal Consultant, commented “Having worked for leading organisations to deliver CREST accredited services over a number of years, I am well aware of the trust placed in CREST by the cyber security community. Becoming a CREST company is a hugely significant step for Arculus as it enables us as an SME to offer the highest quality services to the market. Our customers are assured that Arculus testing services and the qualifications of our team are accredited by a world leader, which is a true differentiator.”
Arculus Welcomes Two New Team Members
June began (along with Summer finally arriving!) with Arculus recruiting two new Security Consultants to the Team. Bringing a wealth of experience in both the Armed Forces and Blue-Chip commercial businesses, Alun Smale Saunders and Andrea Baron have been busy working on ISO 27001, Cyber Essentials and Cyber Essentials Plus Projects for lots of our valued clients, and you will no doubt be speaking to them soon.
Arculus achieves Integrated ISO/IEC 27001 and ISO/IEC 9001 Certification
We are proud to announce that Arculus has been awarded ISO/IEC 27001 certification for Information Security Management, and ISO 9001 for Quality Management. The ISO/IEC 27001 accreditation is one of the most widely recognised and internationally accepted information security standards, while ISO/IEC 9001 is a proven quality standard. By benchmarking our policies and procedures against these internationally recognised Management System Standards, our customers can be assured of the resilience and excellence of our service. In order to achieve these certifications, Arculus was audited by NQA, a UKAS-accredited Certification Body.
The Arculus Team themselves have over 60 years of combined experience advising clients on how to assess their business readiness to achieve ISO/IEC 27001. We can guide you through the process and advise you on all elements of the requirements prior to your ISO 27001 Audit, to ensure you pass with flying colours. Get in touch if achieving ISO 27001 Certification is of interest to your business.
Cyber Essentials and Cyber Essentials Plus Certification of Arculus
As a Cyber Essentials (CE) and Cyber Essentials Plus (CE+) Certifying Body, registered in Manchester, Arculus have themselves achieved both Certifications. CE and CE+ are simple but effective Government-backed schemes that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks. Over 98% of successful attacks happen because attackers are able to exploit basic weaknesses in security, and CE and CE+ raise the bar to ensure companies are not an easy target for hackers. Achieving CE gives our clients reassurance that we practise what we preach and ensure our own and our clients' data is kept safe and secure. CE+ demonstrates we undertake vulnerability assessments, penetration testing and infrastructure security posture reviews to test our defences.
If you are interested in obtaining Cyber Essentials or Cyber Essentials Plus, please get in contact and we would be happy to talk you through the process.
Arculus receives Defence Employer Recognition Scheme Bronze Award Certificate
Arculus is committed to supporting our Armed Forces Community and recognises the importance of utilising the skills of Veterans in the Cyber Security space.
Bronze award holders pledge to support the armed forces, including existing or prospective employees who are members of the community.
Arculus promote being armed forces-friendly and are open to employing reservists, armed forces veterans (including the wounded, injured and sick), cadet instructors and military spouses/partners.
We have also signed the Armed Forces Covenant to demonstrate our intention to support the Armed Forces community.
Well, that’s a wrap for the latest Arculus news, but we thought it would be useful to finish with a curated collection of what we think are the most interesting reports, articles and resources in Cyber Security released in the last 6 months.
The URLs below will need to be copied and pasted into your trusted (and up to date with patches!!) browser.
- As Supply Chain Attacks continue to rise, this ENISA report is a must-read for anyone who uses third-party systems or software.
- Many cyber-attacks are the result of common, known vulnerabilities. NCSC and its international partners have published a list of these common vulnerabilities, along with mitigations and indicators of compromise.
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
- With many organisations facing recruitment challenges in their cybersecurity workforce, (ISC)2 has published a useful resource on building a resilient cybersecurity team.
https://www.isc2.org/Research/CareerPursuers? Arculus can also help you by undertaking cybersecurity projects or providing specialist resource to supplement your in-house team.
- To see the scarily high figures paid out to ransomware groups, check out this site
https://ransomwhe.re/ by Jack Cable of Krebs Stamos Group. It tracks all ransomware payments across different groups, a bit like the evil twin of the Times Rich List.
- The Cyber Scotland Bulletin August 2021. This month’s topics include: malware warning about fake Windows 11 preview versions, #ScamWatch Week 2021, CyberFirst Girls Competition 2022. https://www.cyberscotland.com/august-2021/
- Why you definitely SHOULDN’T be risk managing your way through Cyber Essentials https://www.ncsc.gov.uk/blog-post/cyber-essentials-it-isnt-a-risky-business
- How to get buy-in from the board for Cyber Security investment and prioritization
If you have any questions about the topics and articles in the Arculus Newsletter, or if you would like to discuss any of the services Arculus provides including Pen Testing, Vulnerability Assessments, Compliance, Risk Assessments and Security Architecture Consultancy, please do get in touch.