The UK’s National Cyber Security Centre (NCSC) is making its Cyber Incident Response (CIR) scheme, which provides a group of trusted security vendors to help victims deal with the aftermath of cyberattacks, open to more organisations across the country.


The CIR has previously offered help to providers of UK critical national infrastructure and essential resources, such as managed service providers and telecommunications companies. It is now being extended, with a new list of “level two” vendors that will cover charities, local authorities and smaller public sector organisations, as well as more private sector businesses.

NCSC Cyber Incident Response programme expanded

The CIR was launched in April to provide support for organisations typically at risk of “sophisticated and bespoke cyberattacks,” the NCSC said.

As of today, it has been extended to cover other types of organisation. The scheme puts UK companies that are at risk from cyberattacks in touch with trusted providers of commercial incident response services. “These assured companies support organisations to investigate and recover from a cyberattack and advise on how they can prevent future attacks,” an NCSC spokesperson said.

Chris Ensor, deputy director of cyber growth at the NCSC, said that falling victim to a cyberattack can be “really stressful” for businesses. “Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cybersecurity world,” he said.

The CIR vetting process should ensure that the companies supported under the scheme can provide reliable help to most organisations in the event of a cyberattack. “The NCSC badge will give confidence that the company they use has the right expertise to help them,” Ensor said.

CIR levels one and two explained

Approved vendors that are part of CIR are given level one or level two status. The level one-assured service providers are capable of dealing with all types of cyber incident for all types of organisations. The NCSC encourages critical infrastructure providers to contact a level one company if they experience a cyberattack.

Level two security companies have been assessed as capable of supporting organisations with common types of cyberattacks, such as ransomware, phishing attacks or business email compromise scams.

The NCSC says the scheme also provides an incentive for cybersecurity companies to improve, as once they have achieved level two status, they can progress towards becoming a level one supplier.

Security vendor Bridewell is one of the first companies to be given the new level two status. “It continues to demonstrate our strength and capability within incident response and supports our journey to becoming level one. We look forward to supporting more organisations as we help them recover from incidents and provide guidance so they can defend against future threats,” said Martin Riley, director of managed security services at Bridewell.

Companies that would like to become assured service providers can find the technical standards for both levels here.
