Threat Landscape
We’ve noticed a concerning trend: threat actors are taking advantage of misconfigurations on various devices, such as PCs, laptops, and servers. In fact, according to Microsoft Cyber Signals’ latest report (August 2022), 80% of successful ransomware attacks are a result of misconfigurations.
This issue was brought to light recently when Microsoft itself fell victim to a data breach caused by a misconfiguration, resulting in the leak of 2.4TB of data. This highlights the importance of properly configuring devices to reduce the risk of exploitation by threat actors.
Policy
In response to this breach, Microsoft simply stated that the problem was caused by an unintentional misconfiguration on an endpoint. It’s no wonder that the recently released Government Cyber Security Strategy for 2022 to 2030 emphasizes the need for all public sector organizations to be resilient against cyber threats, including establishing Secure configurations across all public sector organizations as part of Objective 3: Protecting Against Cyber Attacks.
The government aims to significantly strengthen critical functions against cyber-attacks by 2025 and ensure that all government organizations in the public sector are resilient to known vulnerabilities and attack methods by 2030, including local government. National Cyber Security Centre (NCSC) which operates under the Government Communications Headquarters (GCHQ), developed the Cyber Assessment Framework (CAF) to support the UK’s implementation of the European Union’s Network and Information Systems (NIS) Directive in 2018. Today, a significant number of UK providers of essential services are using the framework to help them improve cyber security. The below governing bodies will work closely to ensure each public sector organization to assess against CAF
The Department for Levelling Up, Housing, and Communities (DLUHC) is the governing body responsible for local and central government. Which is currently piloting the CAF Cyber Assessment Framework
To help manage data protection and security risks in the healthcare sector, the National Health Service (NHS) in the UK utilizes the Data Protection and Security Toolkit (DPST) for Cyber Assessment Framework (CAF). The CAF is developed and maintained by the National Cyber Security Centre (NCSC),
As part of the Government Cyber Security Strategy, organizations are advised to focus on establishing secure configurations of government productivity tools.
Government will work with its primary providers of productivity suites to further develop baseline security configurations for government organisations to follow and adapt. Doing so will ensure that all government organisations understand how to configure their productivity suites to provide a baseline level of cyber security, which will dramatically reduce common risks caused by misconfiguration.
Our Focus
We will focus on: Secure By Design and Configuration, specifically:
NHS DIGITAL – DSPT
CYBER ASSESSMENT FRAMEWORK – NATIONAL CYBER SECURITY CENTRE (NSCS)
Achieved; All the following statements are true
Gytpol Secure Configuration
GYPTOL offers a comprehensive solution to address the misconfiguration issues that organisations face. Our solution provides a centralized view of all devices, ensuring that they are not misconfigured. With our solution, manual efforts are no longer necessary, saving time and resources. Our solution is robust and scalable, allowing organizations to quickly identify gaps and remediate them.
In particular, we understand the unique challenges that healthcare and public sector organizations face with stretched IT resources and budgetary restrictions. Our solution emphasizes actionable automation rather than actionable intelligence, enabling organizations to focus on their core business while we take care of their cybersecurity needs.
Examples of misconfigurations that our solution can address include:
With GYPTOL’s solution, your organization can have peace of mind knowing that all devices are configured securely and vulnerabilities are promptly remediated.
Gytpol: Continuous detection and automatic remediation of misconfigurations on your devices without impacting business operations. No more costly and partial manual methods, and Gytpol ensures your environment is hardened and your Group Policy/InTune is applied. Achieve security and ROI quickly with close to zero personnel cost.
Capabilities with Gytpol
Gytpol was able to provide a benchmark score for desktop builds for the Centre for Internet Security, a key audit requirement with a built-in check, according to the Head of Digital and Information Services at Mid Cheshire Visit our website at
https://gytpol.com/resource/nhs-mid-cheshire-hospital-case-study/ for more information.
Why not get in touch to hear more about how Gytpol is helping organizations tackle Secure configuration and ACHIEVE compliance against CAF and DSPT.
You can sign up for your free Security Configuration assessment in one of the following ways: