Third-party IT consultants can help organisations align with the recommendations outlined in the MoU and ensure that their cybersecurity frameworks are robust
The Information Commissioner’s Office (ICO) and National Crime Agency (NCA) have signed a memorandum of understanding (MoU), designed to enhance cooperation and reaffirm their commitment to helping victim organisations. The ICO and NCA will work together to share information about organisations that have been impacted by cybercrime and ensure that these organisations understand which agencies to report any incidents to. Ultimately, this collaboration will look to improve the UK’s cyber resilience.
As part of the MoU, the ICO will encourage organisations to engage with the NCA if they experience a breach. The NCA has also confirmed that it will not share any details with the ICO unless permission is granted.
To improve visibility into cyberattacks and to better protect the public from future incidents, the ICO will share anonymised, systemic and aggregated data with the NCA. In cases where the ICO and NCA are jointly involved in resolving an incident, both bodies have made a commitment to minimise disruption as they work to contain the breach. Both bodies have also committed to collaborate on standards, guidance and education across the cybersecurity landscape.
AJ Thompson, CCO at Northdoor plc, explains: “With Gartner predicting that 45% of global organisations will suffer an attack by 2025, this collaboration is a crucial step towards enhancing cybersecurity and protecting organisations from the rising threat of cybercrime.
“Both bodies focus on cyber-resilience across the UK, stressing the importance of implementing proactive measures to safeguard businesses and how a strong partnership between the ICO and NCA will make a positive impact on combating cybercrime. Another crucial point in the MoU is information sharing and transparency. This ensures that the victim organisations will get the support they need to recover quickly.
“The commitment to confidentiality, unless explicit consent is given, is another key point. This assurance builds trust and will encourage organisations to seek guidance without fearing further repercussions. The alignment across both bodies is vital for a cohesive response to cybercrime ensuring that all businesses, regardless of the size, can have access to advice.
“Another important point is the commitment to minimise disruption for organisations affected by breaches. A co-ordinated approach during an incident response will help mitigate damage and allow organisations to focus on recovery.
“Third-party IT consultants can help organisations align with the recommendations outlined in the MoU and ensure that their cybersecurity frameworks are robust. In 2024 and beyond, organisations will need to look to third-party IT consultants to help them to implement cybersecurity solutions that enables broad visibility that works seamlessly with existing technology stacks.
“Managed Detection and Response (MDR), Managed Risk, Managed Cloud Monitoring, and Managed Security Awareness, are examples of the type of solutions that can be implemented and backed by third-party IT support. Third-party IT consultants can provide 24×7 tactical coverage and ongoing strategic security recommendations, acting as an extension of an organisation’s internal team to improve its security posture.
“Long-term cybersecurity solutions require a comprehensive approach that cultivates a culture of security awareness. Turning to AI-powered solutions that allow organisations to have a 360-degree view of where potential vulnerabilities might lie and allows them to check on potential partners to ensure that their defences are up-to-speed will be crucial. It means organisations are able to address weaknesses with partners’ systems before they are exploited by cybercriminals, protecting data, reputation and regulatory integrity.
“We can express optimism that this MoU will help strengthen the UK’s overall cyber security posture and encourage continued collaboration between private sector organisations and public bodies to combat cyber threats,” concluded Thompson.
