How careful planning can take the pain out of ransomware breach response

How careful planning can take the pain out of ransomware breach response

There is plenty that organisations can do to enhance their resilience to ransomware breaches. But no preventative strategy can ever be 100% guaranteed to succeed. The modern corporate attack surface is simply too porous and expansive, and threat actors too persistent, for that. That’s why network defenders should also be primed and ready for a worst-case scenario.

As we explained in our previous blog, an attack can strike at any time. And when it does, those in charge are often trapped in a whirlwind of confusion. The key to successfully managing such a situation lies with forward planning.

Planning for a breach

Ransomware is among the most common and acute cyber-threats facing UK businesses. And the threat will continue to grow with the advent of AI, the National Cyber Security Centre (NCSC) recently warned. For smaller businesses its impact can be particularly destructive. A 2022 study revealed that a fifth of US and European businesses had nearly been forced into bankruptcy by a historic attack. Last year one of the UK’s largest privately owned logistics firms entered administration due to “disruption” caused by a ransomware compromise.

Yet it doesn’t need to be this way. It all starts with putting the right team together. Ideally, it should include key representatives from the IT and security function, PR and legal – and possibly also HR and customer service stakeholders. That’s because, when a ransomware attack hits home, it can impact disparate parts of the business.

PR is essential to help organisations manage their external communications strategy. HR should be on hand to manage internal comms and cross-departmental collaboration. And legal will dispense critically important advice on engaging with regulators, managing potential customer/employee class action suits, and more. For most organisations, customer service will also need to be involved to manage the fallout for end customers. If any piece fails, there could be significant financial and reputational repercussions, including customer churn, regulatory fines and lawsuits.

The average cost of a UK data breach is calculated at $4.2m (£3.3m) today. But in some cases, ransomware has caused losses measured in the tens of millions. From a regulatory perspective, organisations need to think not just of data protection watchdog the Information Commissioner’s Office (ICO) but also any relevant industry-specific bodies, like the Financial Conduct Authority (FCA).

Putting the pieces in place

Every organisation is different, and there’s no single agreed format that an incident response team should take. Most important is that everyone has a clearly defined role that they understand, and that they are working under unequivocal instructions from an incident response lead. In many cases, this will be a senior individual from the IT team. Crucially, they need not only experience of working under pressure – and ideally in crisis incident response situations – but must also be given the authority to lead for the duration of an incident. That means even members of the organisation and board senior to that individual must respect their decision making.

The next thing a team needs is a plan. This is where many organisations fall down, by attempting too much. No one can predict how or when a ransomware breach will take place, and what its impact may be on the organisation. But many try, by building out complex incident response plans which will likely be redundant as soon as attackers strike. The key to success is rather to keep things simple and high level. The incident response team will need to improvise, but within their own clearly defined roles. It’s also important to ensure any pre-written plan is accessible in a crisis – ie, not stored on a server that has been encrypted by ransomware.

In a similar way, organisations shouldn’t overthink things by scheduling frequent incident response training exercises. In a typical organisation there are mini incidents occurring all the time which can be used to hone the skills of team members. Once a driver has passed their test, they aren’t forced to sit another one every six to 12 months: simply by being behind the wheel they continue to practice and improve the required skills.

Communicating clearly

Above all, when working through post-ransomware breach response, organisations must foreground the importance of clear communication. That could mean:

  • Communication between incident response team members
  • Communication with the board and senior managers (they should be kept updated at frequent intervals)
  • Communication with the wider community of employees – to ensure they follow policy by limiting what they publish online about an incident, and to maintain morale during what could be a long road to recovery
  • External comms. It’s vital that a senior spokesperson is chosen as part of the incident response team. This individual should be the face of the organisation during the breach response. External comms is critically important to prevent rumour and speculation, especially in the early hours and days following a breach

This is by no means a comprehensive checklist for post-ransomware breach response. But it’s somewhere to start.

For a more detailed briefing on what to expect from a ransomware attack and how to respond, register today for our upcoming reality check webinar: Assessing the real impact of a Ransomware attack.

Assessing the real impact of a Ransomware attack, webinar registration

A whirlwind of confusion: what happens in the first hours of a ransomware attack

What to expect when ransomware actors come knocking

The global economy might still be struggling to get back on track. But the finances of the cybercrime underground are in rude health. Payments from ransomware victims exceeded $1bn last year – a record high. And that’s just for the cryptocurrency wallets forensics analysts were able to track. The real figure is undoubtedly much higher. In this context, all organisations should plan for the day when they too will be compromised by ransomware actors.

Unfortunately, many still do not. And their lack of preparedness is something threat actors thrive on. During the post-breach response period, they will do everything in their power to ramp up victims’ confusion, in order to extract maximum financial returns.

Network defenders must stay calm and stick to their plan. When it comes to ransomware, forewarned is forearmed.

The worst-case scenario

There are several ways in which an organisation could end up a ransomware victim. RDP compromise, email phishing and exploitation of software vulnerabilities are still the top three attack vectors for threat actors. But the first the organisation may actually see of an attack is likely to be a ransom note on a networked PC – or potentially an entry in a ransomware data leak site detailing how much data has been stolen.

From the start, network defenders are on the back foot. They may have no prior experience of dealing with a ransomware breach. Their adversaries, on the other hand, are usually seasoned professionals with stacks of domain expertise. Their operations behave more like regular SMBs than one may imagine. And in some cases, their resources can match those of high-flying enterprises. One infamous group, Conti, reportedly spent $6m (£4.8m) annually on salaries, tooling and support services.

Many questions to answer

Victim organisations will have a relatively short time frame in which to act. This kind of time-based pressure is a classic social engineering technique designed to rush victims into making irrational decisions. A clock may count down the minutes they still have left to purchase a decryption key. Or for breaches where only data was stolen, until that data is ‘leaked’ to the world.

In the meantime, business leaders will be frantically asking their IT teams to answer their questions:

  • How do we deal with this?
  • Who can help us?
  • How much of the business is impacted?
  • How much data has been exfiltrated?
  • How much downtime can we expect?
  • Has the story been reported in the media/on social media?

Unfortunately, without a clear, pre-rehearsed incident response plan and team in place, such questions can be tricky to answer. And the threat actors will be doing what they can to continue wrongfooting their victims. Among the tactics designed to sow confusion and force payment may be:

  • Exaggerating how much sensitive data they have been able to exfiltrate
  • Threatening to launch a distributed denial of service (DDoS) attack
  • Contacting customers and partners and asking them to demand the company pays a ransom
  • Threatening to inform regulators about the breach

Such efforts are becoming increasingly persistent, and novel. In one case, a ransomware group hijacked a US university’s emergency broadcast system to send staff and students text messages and email alerts that their data was stolen and would soon be released. In another, they hijacked and defaced the victim organisation’s website to display a ransom note to the world. In a third case, a ransomware group claimed it was willing to alert crooked traders about a breach before it was made public, so that they could short the listed firm’s stock.

Such efforts have one single goal in mind: to throw a spanner in any recovery plans and put network defenders on the back foot. If they can frighten the organisation in to paying the maximum ransom demand rather than a lower negotiated figure, all the better.

Struggling to respond

Organisations caught in this whirlwind of confusion will find it extremely difficult to successfully respond unless they have prepared for something like this worst-case scenario. Yet unfortunately, government data tells us that just a fifth (21%) of UK businesses even have an incident response plan in place, rising to 47% of mid-sized firms. Fewer than two-fifths (37%) have cyber-insurance.

This matters, because despite the news headlines, most ransomware victims are not big-name brands or government agencies, but SMBs. The median size for a breached organisation stood at just 230 employees in Q4 2023. Some 36% of victims in the period had fewer than 100 staff members. There is a ruthless logic to this. Smaller firms are less likely to have the resources and expertise needed to protect against ransomware attacks in the first place, or contain and recover from them rapidly if they are breached.

The truth is that no organisation is safe from ransomware today. But a compromise doesn’t have to precipitate an existential corporate crisis. The message is simple: plan today to avoid a whirlwind of pain tomorrow.

To find out more on what a ransomware attack could entail for your organisation, and how to mitigate and respond effectively, sign up to our forthcoming reality check webinar: Assessing the real impact of a Ransomware attack.


Assessing the real impact of a Ransomware attack, webinar registration




Why Privileged Identity Management (PIM) is critical for businesses using the cloud

"Privileged accounts are a prime target for cybercriminals..."

Privileged Identity Management (PIM) is an essential security practice for businesses using the cloud. It focuses on securing and managing privileged accounts and access rights within an organisation. In this blog post, we will explore the importance of PIM for businesses, particularly those using the cloud, and why every business should consider implementing it as part of their comprehensive cybersecurity strategy.

What is PIM?

PIM refers to the processes, policies, and technologies used to manage and secure privileged accounts and access rights within an organisation. Cybercriminals often target privileged accounts as a means of gaining access to sensitive information and systems. PIM aims to reduce the risks associated with privileged accounts by providing a central solution for managing and securing these accounts. It involves identifying, managing, controlling access, and monitoring privileged account activity.

Importance of PIM for Businesses

Privileged accounts are a prime target for cybercriminals, and a breach can result in severe consequences, including data theft, business disruption, and reputational damage. PIM is essential for businesses because it helps to mitigate the risks associated with privileged accounts. By implementing PIM, businesses can control who has access, monitor, detect and respond to suspicious behaviour, and reduce the impact of a breach if one occurs.

Why Every Business Using the Cloud Needs PIM

Cloud computing has transformed the way businesses operate, providing flexibility, scalability, and cost savings. However, the cloud also presents new security challenges, particularly when it comes to privileged accounts. Cloud environments typically have many privileged accounts that can access critical resources, making them attractive targets for cybercriminals. PIM is especially important for businesses using the cloud because it provides a central solution for managing and securing privileged accounts across all cloud services and platforms. With PIM, businesses can identify and manage privileged accounts, enforce access controls, and monitor activity. Implementing PIM in the cloud can also help businesses to meet compliance requirements.


PIM is a critical component of a comprehensive cybersecurity strategy, particularly for businesses using cloud computing. By implementing PIM, businesses can manage and secure privileged accounts, control access to critical resources, and monitor privileged activity. PIM can help to reduce the risk and mitigate the impact of a breach if one occurs. Every business using the cloud should consider implementing PIM as part of their cybersecurity strategy to protect against the growing threat of account breaches.

If you’d like a member of QuoStar’s consulting teams to assess your risks and advise on potential controls, without obligation, please contact us.

How our Fortinet SD-WAN solution delivers security at scale

If your organisation is considering SD-WAN (Software-defined Wide Area Network), then effective networking and built-in security should be integral to your decision.

In partnership with Fortinet, QuoStar is one of 15 SD-WAN specialised partners in the UK. We offer a solution that achieves safer, more cost-effective and efficient SD-WAN implementation. Here’s how:

SD-WAN explained

With dispersed workforces, new digital tools and cloud adoption at an all-time high, many organisations are turning to SD-WAN. This virtual WAN architecture brings together existing internet connectivity options, such as MPLS, Broadband, DIA and LTE, to securely connect users to applications, while simplifying the control and management of this connectivity.

SD-WAN solutions help to remove complex and expensive routing, cut down on hardware costs and remove expensive MPLS networks. They can also greatly enhance access to Software as a Service (SaaS) and other cloud-based services and help to minimise downtime.

The issue

However, many available SD-WAN networking solutions have little or no built-in security, which can lead to organisations adding a range of disparate tools to address these risks. This increases capital expenditure, raises complexity and creates potential gaps for cyberattacks.

A fully integrated, secure SD-WAN solution is the best way to ensure effective protection, operational efficiencies, and on-going readiness for evolving network demands.

QuoStar’s SD-WAN solution

Working in partnership with Fortinet, who have been recognised by Gartner as a Leader in the 2022 Gartner Magic Quadrant for SD-WAN for a third year in a row, QuoStar’s SD-WAN solution brings extra security protection and enhanced performance to the existing benefits of SD-WAN. These improvements include:

  1. Protection at all edges

Native security for both on-premises and cloud-delivered services, to provide flexible, secure access for a distributed workforce working on and off the network. Unified orchestration capabilities further provide end-to-end visibility and control of the network environment.

  1. A world-class user experience

Our solution overcomes WAN impairments at all edges using our comprehensive self-healing SD-WAN as well as AIOps and Digital Experience Monitoring (DEM). There are no network slowdowns thanks to our purpose-built security processing units, and application performance is maximised with artificial intelligence and machine learning.

  1. Reduced costs and complexity

Significantly lower operational complexity and low total cost of ownership is achieved with converged networking and security. Our unified SD-WAN solution secures remote workers and on-premises users with consistent policies.

You should investigate SD-WAN if:

  • You’re a largely distributed company experiencing network problems.
  • You’re particularly vulnerable to internet outages.
  • Your internet connectivity costs need to be revaluated.
  • You want to simplify the branch architecture.
  • You’re in the market to affordably expand your company’s network.
  • Your company needs to scale quickly and easily.
  • You would like to enable reliable user experience on any transport with rich routing and advanced WAN remediation for self-healing networks
  • SD-WAN control and management across multiple locations is providing a challenge for businesses with IT resources facing skill gaps

Obtaining a Secure SD-WAN Assessment Report will give you unmatched insight into your current security posture and network activity. Learn more about your network by registering for a free assessment here.

Free SD-WAN Assessment

The cyber-war era: the rapid growth of the threat landscape

cyber security skull banner


In this blog we explain what you should be looking out for in the cyber-war era, and how you can best protect the cyber-security of your organisation.


The threat landscape is accelerating faster as global tensions grow over the Russia Ukraine conflict. The Cyber-war is well underway, with Ukraine rallying troops for the frontline of the cyber battleground

Cyber-war era: as cyber security threats rise, what should you look out for?

Amid the tensions of early 2022 cyber-attacks were already on the rise, with threat actors targeting both Ukrainian organisations and their government. Although there are still questions around who may be responsible for some of these attacks, Ukraine firmly believes Russian state actors are responsible – and evidence would strongly suggest that is the case.

Since the Russian invasion began in Ukraine on 24th February 2022, businesses and government institutions globally are on high alert for state-sponsored cyber threats – with banks, energy companies and airlines undertaking additional work to strengthen their defences against such attacks. There is an underpinning fear that this could be the new era of global cyber-war.

DDoS attacks

Cyber-attacks on state-owned digital assets such as the Ukrainian Defense Ministry and Military websites increased in February, as they were hit with DDoS (Distributed Denial of Service) attacks, along with two large Ukrainian banks – PrivatBank and Oschadbank. In this case, the websites were flooded with traffic to the point that they crashed, making the websites unusable.


Microsoft has issued a Security Intelligence advisory about FoxBlade, a novel trojan. This trojan can use your PC for distributed denial-of-service (DDoS) attacks without your knowledge.


HermeticWiper / FoxBlade (aka KillDisk)

At the end of February, there was the discovery of the new wiper malware that had been unleashed – dubbed HermeticWiper by some and FoxBlade by others. As well the as DDoS attacks mentioned above, it was designed to wipe the hard drives/system storage of the systems infected, corrupting all the data in the drive – making the data unrecoverable – then initiating a system shutdown. It has been found on Ukranian computers, as well as on machines in Latvia and Lithuania.

Furthermore, a “worm component” dubbed HermeticWizard, has been discovered that could be used to spread the HermeticWiper in local networks.

FoxBlade (HermeticWiper) also downloads and installs other programs – including other malware – onto infected systems, Microsoft has advised.


Cybersecurity experts identified a second wiper cyber-attack, named IsaacWiper, targeted at Ukrainian governmental networks according to a report on Tuesday 1st March. The second wiper attack was detected on 24th February and is described to be a lot less sophisticated than HermeticWiper.

Cyclops Blink malware

The UK’s NCSC (National Cyber Security Centre) and the US CISA (Cybersecurity and Infrastructure Security Agency) have released details about a new malware targeting network devices, which they attributed to Sandworm – a threat actor previously attributed to the Russian GRU’s Main Centre for Special Technologies (GTsST).

Cyclops Blink is a new piece of malware that targets network devices – supposedly being used by the Sandworm threat actor – a replacement for the VPNFilter malware 2018. The malware collects device information, sending it to a command-and-control server. It can download and execute files, as well as getting additional modules at a later date.

Cloned websites

Researchers have identified a web service hosting cloned copies of websites. A number of Ukrainian government websites were cloned, along with the main webpage of the Office of the President. These sites were filled with malware links, that once clicked, would download on to the user’s computer.


What does this cyber-war era mean for nations other than Russia and Ukraine?


Whenever one nation launches a cyber-attack against another, it doesn’t just increase cyber risk for the nations involved. It also impacts global cyber risks. The Cyber Attack Predictive Index (CAPI) tool, created by Johns Hopkins Information Security Institute, has hit its highest possible threat likelihood level, at a score of 25 (out of 25) under the current situation.

While the aforementioned attacks aren’t particularly sophisticated, and can be mitigated with the right cyber protection measures, these types of attacks have previously been used as a diversion tactic in order to lay groundwork for more damaging, sophisticated attacks.

Exposure or risk

As the EU, UK and the US impose sanctions on Russia and Belarus there is greater chance of being at risk of targeted cyber-attacks, as retaliations make take place from the Russian and respective forces. Companies across Britain have been warned to prepare for a heightened security risks as the UK placed sanctions on three of Russia’s wealthy allies.

UK organisations have been urged by GCHQ’s National Cyber Security Centre (NCSC) ‘bolster their online defences’ and warned that there has been an ‘historical pattern of cyber-attacks on Ukraine with international consequences’.

According to Laurance Dine, global partner, X-Force Incident Response, IBM, businesses need to start operating under the assumption of compromise, and put in place the proper controls and measures necessary to defend their environment and critical data.

The UK government may well be taking their own measures to defend the cyber security of the nation, as secretary of state for defence, Ben Wallace, told parliament in reference to the National Cyber Force: “I am a soldier, and I was always taught that the best part of defence is offence… What is good for the goose is good for the gander, and that if necessary we could use cyber warfare to give as good as we get back to Russia.”

High alert for the energy sector

This week (28th February 2022) the UK Business Secretary, Kwasi Kwarteng, is holding talks with the chair of National Grid amid anticipation of a surge in state-sponsored cyber-attacks from Russia. A wise move considering that, in a recent report published by IBM Security, the UK’s energy sector was the target of 24% of all cybersecurity incidents in the country last year. It is also thought that Russia was most likely responsible for the SolarWinds and Colonial Pipeline attacks of 2020 and 2021.

We recommend:

  • It may seem obvious but evaluate the controls you have in place against cyber-attacks, particularly ransomware.
  • Pay close attention to the news cycle in relation to this situation.
  • Pay attention to the types of attacks that are coming through via security feeds.
  • Keep everything patched.
  • Watch out for any suspicious traffic that may be coming from outside of the country.

At QuoStar we are committed to helping you and your business remain secure. Our experienced industry professionals are here to give you measured and realistic advice.

Evaluate your protection against currents risks, book a complimentary initial cyber security review session with our Head of Security David Clarke.


Cyber Security Post Covid: How to protect against attacks

Cyber Security Post Covid


Businesses have done a phenomenal job to keep going throughout Covid to keep people working from home, and at the same time building in those layers of security as they go. However, as this new norm sets in, there needs to be more security in place for the post covid world.


Working from home needs additional cyber security post covid

 With people working from home, it is important to realise that there are now layers of security your company can’t easily control. Although there has been an inherent layer of security during covid because people have had to work at home, rather than working out and about in cafes and public places.

We recommend giving guidance on these issues to staff as they may not realise that their homes aren’t as safe digitally as they might think they are. Training helps, and it is essential. It’s also essential for organisations to undertake risk assessments of their new agile/remote working environments.


Things you should be considering:

Home environments are a business environment

If you want to breach a corporate network, then you seek out the weak links. People themselves, and home networks/devices are without a doubt weak links that need protecting.

Review your remote working environments

It’s essential that security risk registers and controls are revisited regularly. It’s also important to perform regular penetration tests.

Are the roles now paperless?

Do we need collection of classified documents for shredding?

We are sharing screens more

We need to be cautious about what we are inadvertently sharing.

The use of smart speakers and technology at home

We all know of Alexa, but there are hundreds of varieties. They are all managed by different countries using different clouds. They are recording all the time. IoT and AI are likely to further erode the privacy and autonomy of users.


Avoiding successful attacks and creating better cyber security post covid, the short answer…


Before you hide, go seek!

The biggest key to it all: do you know where all of your data is?

Layer it up

It’s essential that you rely on all 7 layers of cyber security post covid. You can’t just have one control to stop a threat, just as having antivirus software will not protect you from getting a virus. The same way locking a door won’t stop someone burgling your house. It’s best to apply the Swiss cheese model of risk management.

It is much cheaper to get your security layers in there first. The layers don’t need to be expensive, just suitable, with good architecture.


Your data, particularly sensitive data, needs to be protected whilst traveling over non-corporate networks and whilst at rest – sat on a server, the cloud, a mobile or on a laptop.

Work with what you’ve got

Most companies, even big ones, don’t have the budget or endless resources to do everything, the key is optimising what you have got. A simple one, privilege management – what are the entry limits to your digital technology?

Know your risks

It’s essential for all businesses to have a risk register, however large or small. If you don’t know all the risks your organisation faces, how can possibly ensure you are protected against them? It’s negligent to not do so. It’s important that board understands and signs off risks, and doesn’t just leave it to IT. Ask yourself what are your risks to cyber security post covid.

Monitor everything

It’s essential that you monitor all network attached devices for anomalies. If you aren’t looking you aren’t going to see a breach until it’s too late. Many organisations don’t know they’ve had a breach until months after.


Business Continuity has been put to the test

Covid has made us test all major categories of business continuity. A few years ago, we’d test things like ‘building unavailable’. Businesses have been put into the real-life working situation of no building available, no public transport, fewer staff numbers and sick and absent staff. We have been hit with all the major categories of business continuity at the same time.

A shortage of senior cyber-security professionals

However, with a global shortage of senior cyber-security professionals, coupled with the prohibitively expensive costs of retaining a full-time, dedicated expert, many businesses may struggle to access the appropriate level of support required.

QuoStar designed the CISO Service to address this problem.

Businesses get access to a dedicated Chief Information Security Officer who will provide senior security leadership and take responsibility for identifying, controlling, and managing risk. Making sure the business’s security posture is strengthened.

Get in touch to find out more here.



A flexible CISO service for SME’s

Flexible CISO service to the on-demand market for SME’s

The flexible CISO service by QuoStar can help SME’s navigate the ever changing cyber-security landscape.

Cyber crime is changing quickly, it’s a global issue and its ramping by the day. The cybercrime industry is on-target to cost the world $6 trillion in 2021 and is forecast to cost $10.5 trillion by the end of 2025. Everyone is under threat. From the individual sat at home on their iPad or mobile phone, through to small, medium, and large-scale enterprises – even countries! 

So how do mid-market and smaller organisations protect against the clear and present dangers? Cyber Essentials? Without a doubt, cyber essentials ‘does not’ make you secure – it is the absolute bare minimum you need to be doing; look at it like locking the doors to your house. It is the same with anti-virus and firewalls – they are no longer enough. 

  • Does the board and IT team really understand the true level of risk they face in every area of the organisation?
  • How are those risks to evaluated and controlled?
  • Can they make the right budgeting decisions? 
  • How do they respond if there is a breach?
  • How do you do deal with regulators, such as the ICO (Information Commissioner’s Office)?
  • Is their security stance continually improved?  

That’s where QuoStar’s flexible CISO service comes in

As a Leading IT consultancy, QuoStar is offering you access to an on-demand CISO (Chief Information Security Officer) service that can provide organisations with flexible and cost-effective access to senior cybersecurity leadership as and when they need it – from a fully seasoned professional.  

Our on-demand service provides clients with ongoing senior IT leadership and guidance on cybersecurity strategy, management, and response from a certified and experienced CISO. They will be able to identify, control, and manage the multitude of threats and challenges businesses face in today’s rapidly changing security landscape from the get-go.  

The on-demand service operates in close partnership with senior business leadership and IT teams to ensure both parties hold the relevant responsibilities and accountabilities. They will also help to run and implement Information Security Management Systems, such as IASME or ISO27001. This facilitates enhanced security governance, compliance, and ongoing continual improvement of an organisation’s security position. 

The flexible CISO service is led by QuoStar’s Head of Security, David Clarke, who has over 25 years of experience working in cybersecurity, formerly as Global Head of IT Security at BT and other FTSE100 companies. David currently oversees the development, implementation, and support of QuoStar’s clients’ information and security-related risks. 


David Clarke - Chief Information Security Officer at QuoStar

David Clarke, comments:

“As a result of the pandemic, company boundaries have become much more fluid. So many employees now work from home. It’s not always clear what belongs to the company and what is personal. Businesses are now having to manage different servers, cloud services, and access control issues. Their technology needs to be safe and compliant in all these areas before it can be performant.  

“Organisations need to adopt a multi-layer approach to security to manage these risks effectively, but that can be costly. With our on-demand service, however, businesses can truly afford to get the best protection possible, without putting undue strain on the bottom line.” 

The on-demand CISO service follows the successful launch of our on-demand CIO (Chief Information Officer) service earlier this year. Our on-demand CISO service has already seen a rapid uptake of interest, with several businesses already taking advantage of the offering.  


Robert Rutherford CEO at QuoStar

Robert Rutherford, CEO at QuoStar, comments:

“We are delighted to add the CISO service, alongside or CIO service. QuoStar gives mid-market and ambitious smaller businesses access to top talent at the level they need. We’ve always been passionate about delivering measurable business outcomes to our clients. Our aim is to reduce risks and improve the bottom line. 

We’ve always taken IT security extremely seriously. We have always kept up to speed with the technical controls to IT security risks. The evolution of the risk landscape, accelerated by COVID and the rise of hybrid working means we need to implement enhanced IT security governance into our wider client base. Relying on technology just doesn’t cut it any longer – organisations need to be proactively managing risk, continually.” 


Find out how your business could benefit from our CISO Service why not get in touch? Or request a free online consultation from our team today.  


Get more than basic cyber-security protection

more than basic cyber-security protection


Work towards achieving Cyber Essentials Plus and put in place these 7 security measures.

Want more than basic cyber-security protection for your business? If you already have our 9 Steps to combatting cyber-threats in place and you’re Cyber Essential certified, you’ve made a good start. But if this is all you have, then for proper security there are still a few more steps you can take to safeguard your business. Cyber-crime is £1 trillion industry for cyber-criminals.

After getting the basic accreditation, you can work towards achieving Cyber Essentials Plus. This is a similar experience in achieving the basic Cyber Essentials accreditation. The difference is that it deals with security at a higher level and demands more rigorous policies and practices to be in place.

How else can you secure your business?

Cyber Essentials covers a broad range of topics regarding security and so will likely cover most of your basic security needs. But we also have a brief list of some security systems and techniques which are worth looking into. Or, if you’re looking to get the best level of cyber-security we recommend our CISO service.



ISO 27001 is an internationally recognised certification you can get which proves your cyber-security is at a high level. It can be used as a compelling point for people to choose your business over competitors.



Employees are often considered to be the weakest link in the cyber-security chain. But with regular training, they can become one of the strongest as they are able to spot and prevent threats.



Because of the rising cost of an outage, getting systems back online quickly is vital to prevent minute by minute money from burning. The rise of virtualisation and the cloud has made disaster recovery and business continuity a much simpler and cost-effective venture than before. It’s worth considering.



With connectivity being so critical to a firm, it’s essential to have backup network and Internet connections to prevent a failed connection from leaving the firm isolated from clients and the wider world. Multiple firewalls and/or routers are also recommended.



The LAN has previously been left relatively unprotected but it’s now imperative that you secure the internal network to restrict access from undesirable third parties. You also need to secure any wireless or virtual networks to stop a single breach from creating an open door across the entire firm.



Bring Your Own Device (BYOD) is a popular policy, but it’s also dangerous without the correct measures in place. Procedures need to be set up for when a device is lost or stolen or when an employee leaves the company. Don’t adopt BYOD for the sake of it, do it for an important reason. And if employees do need personal devices, look into Choose Your Own Device (CYOD) as a more secure alternative.



In order to implement an effective data leak protection policy, you need to really understand what data you have and the risks you face. Only then can you really begin to implement the correct controls. These will vary from sector to sector but should include things like portable encryption, endpoint protection, email content control and intelligent firewalls.


In short, put in place more than basic cyber-security to stay ahead of the game. Stop those cyber-criminals in their tracks with a good level of protection for your business.


Any questions about either of the Cyber Essentials accreditations? Read our FAQ on the subject.

Get more advice on achieving the best levels of cyber-security – contact our team today.