Cyber Essentials Plus: Vulnerability Assessments

RB Consultancy

Introduction

Cyber Essentials Plus (Level Two) is a technical audit to demonstrate that protections are in place, guarding against common forms of cyberattacks. This article takes a deeper dive into the vulnerability assessments and patching checks. We shine a light on these to help show why that testing is carried out, the benefits, what to expect, and how we help.

Aim of Remote Vulnerability Assessment

  • To see whether an internet-based attacker can hack into systems remotely using typical, low skill-based methods (such as through firewalls and routers)
  • This is akin to checking that the front door of a property is locked and secure – if it’s vulnerable, then the chances of theft and burglary can increase significantly 
  • Common forms of cyberattack (vectors) relate to the vulnerabilities being exploited by remote attackers via the internet

Aim of Patching and Vulnerability Checks

  • To identify and fix any weaknesses that are associated with devices that are used to create and store organisational data (such as desktops and laptops)
  • This is similar to checking whether assets that reside inside a property are also safe, secure, and can’t easily be stolen 
  • Typical forms of cyberattack (vectors) relate to remote attackers finding ways to get inside networks, where they then identify and exploit weaknesses

Benefits of Patching and Vulnerability Assessments 

  • Protect an organisation from ransomware and data breaches 
  • Identify security flaws before they’re exploited by threat actors
  • Highlight and address critical risks that may otherwise go unnoticed 
  • Close risks before threat actors exploit and abuse them
  • Increase protection capabilities from common forms of attack
  • Strengthen security posture 
  • Adhere to regulatory standards and reduce the risk of fines

What to Expect 

  • Ahead of the testing, provide details of devices and networks 
  • Document the names, types and IP addresses of devices
  • Provide written approval for the testing to take place 
  • Support the deployment of specific tools, designed to identify system vulnerabilities
  • Be prepared to find weaknesses that were not previously identified 
  • Take action to quickly address the most critical findings – they will be risk ranked for you
  • Remove software and/or services that are not being used 
  • Apply missing patches and updates that may previously not have been identified 
  • Make registry changes to Windows devices to harden the system setup
  • Be prepared to apply fixes in phases, moving from critical to high risk findings 

How We Help

At RB Consultancy Ltd, we support organisations looking to implement controls and/or certify to Cyber Essentials and Cyber Essentials Plus requirements:

  • NCSC Cyber Advisor certified – we’re proven to help organisations understand and implement technical controls 
  • Vulnerability Assessment Plus certified – we have the skills and tools to identify weaknesses, risk-rank findings to support prioritisation, and provide remediation advice so that swift action can be taken
  • IASME Cyber Essentials Plus Assessor certified – we’ve been tested to assess organisations against the requirements and provide advice on how to apply fixes  
  • Cyber Essentials Plus Certification Body certified – we’re trusted to issue certificates to organisations who have met the required standards

Conclusion

  • Cyber Essentials Plus provides extra assurance that technical controls are in place to prevent common internet-based attacks 
  • Remote vulnerability assessments test whether an internet-based attacker can hack into systems remotely using typical, low skill-based methods – like checking whether a front door to a property has been left open
  • Devices are also checked for missing security patches and vulnerability fixes, like checking whether valuable assets are secure 
  • Specific tools are used, similar to those used for testing credit card-related security 
  • Written approval is required to conduct the testing 
  • Testing can highlight weaknesses that might otherwise go unnoticed 
  • Critical and high-risk findings should be addressed – prioritising accordingly 
  • Missing patches and systems configurations are often identified for remediation 
  • We offer support and guidance through the whole process
  • We’re certified to provide assessment, advice and certification services 

If you would like assistance for Cyber Essentials / Cyber Essentials Plus certification, please contact us for support.