Duo is Now An Approved Cyber Security Supplier to the UK Government
Duo is now an approved supplier on the UK Cyber Growth Partnership list, offering a Trusted Access solution, including two-factor authentication and endpoint visibility, to protect organizations in the European Union. Known as the ‘cyber security supplier to government scheme,’ it supports UK companies in pursuing business opportunities worldwide in cyber security.
According to a 2016 Cyber Security Breaches Survey conducted in Britain, two-thirds of large UK businesses were hit by a data breach or attack in the past year, with some cases costing businesses millions of dollars. Seven out of ten attacks on all firms involved malware, according to a UK government press release.
While there is a record £1.9bn government investment to protect the UK, the government is urging the industry to act in order to protect themselves. The survey also found that only half of all firms took any recommended actions to identify and address vulnerabilities, and only a third had formally documented cyber security policies.
Cyber Essentials: A Set of Minimum Security Controls
The UK government recommends that businesses adopt the Cyber Essentials scheme, at a minimum, in order to protect themselves. It doesn’t remove all risk, but it’s a step in the right direction toward eliminating threats that require low levels of attacker skill.
Organizations can become Cyber Essentials certified by implementing the defined set of controls. The focus is on five key controls:
- Firewalls and Internet gateways: These can prevent unauthorized access to or from private networks; proper configuration is key to being fully effective.
- Secure configuration: Ensure that systems are configured in the most secure way for the needs of the organization.
- Access control: Ensure only those who should have access to systems have access, and at the appropriate level.
- Malware protection: Ensure that virus and malware protection is installed and up to date.
- Patch management: Ensure that the latest supported version of applications is used and that all necessary patches supplied by the vendor have been applied.
Meanwhile, the UK government recognizes the risks presented by third-party vendors, which is why they created an Assurance Framework, designed to “provide a simple means for third parties to distinguish between organizations that are implementing basic cyber security controls from those that are not.”
There are two levels of certification; after certification, an organization receives a badge:
- Cyber Essentials: Based on a self-assessment verified by an independent Certification Body.
- Cyber Essentials Plus: Offers a higher level of assurance through external testing of an organization’s cyber security approach.
Learn more about the requirements for basic technical protection from cyber attacks in the Cyber Essentials Scheme (PDF).
Minimizing Risk With Two-Factor Authentication
In the Cyber Essentials framework, the government recommends that all administrative accounts should have a strong password. A strong password is a good first step, but organizations shouldn’t stop there.
The 2016 Verizon Data Breach Report (DBIR) states that 63 percent of breaches involved the exploitation of stolen, weak or default credentials.
An effective way for attackers to get access to administrator accounts is via phishing attacks. Once an attacker gets access to privileged accounts, they can pose as legitimate users to move around your environment and get access to sensitive data.
To minimize the risk of a data breach caused by stolen passwords, Duo provides a two-factor authentication solution that integrates with a variety of applications to protect against a remote attack.
In addition to using a password, two-factor authentication provides another layer of security to VPN, remote desktop or cloud application logins. Users can authenticate by typing in a password, then approving a push notification sent to their phone.
Duo also offers advanced endpoint visibility and endpoint remediation, allowing you to detect when outdated devices access your applications. Notify, warn and block users using outdated devices to prevent the risk of malware. The combination of endpoint visibility and two-factor authentication is what we call our Trusted Access solution.
Limit User Access to Applications
Additionally, the access control framework in the Cyber Essentials scheme recommends that organizations manage, restrict and document employees’ access to applications.
This is to limit unauthorized access to applications and the risk of data breaches. With Duo, organizations can manage their user groups to restrict and limit access to certain applications.
For example, you can permit a group of contractors to access only the applications they need, and restrict their access to all other applications for more granular control.
Protecting Data in the European Union
For UK-based organizations, Duo has partnered with Amazon to host and deliver its two-factor authentication service from Amazon’s data centers located in Germany and Ireland.
Duo provides all UK customers with sales and technical support during UK hours, plus extended support from other offices around the world. Duo supports more than 1000 customers in Europe, including Bolton National Health Service (NHS) Foundation, University of York and King Digital.
Duo is available to try free for 30 days. Visit www.duo.com for more information.