Meet the team – Brett Marshall

Brett's area of expertise is Information and Cyber Security including but not limited to ISO 27001/2, Cyber Essential Certification, Vulnerability Scanning and Penetration Testing, System Hardening and the NHS Data Security and Protection Toolkit.

 

Information and cyber security is a complex area, what is the most common question you get asked?

 

1. How long will it take me to get my ISO 27001 certification?

2. How do I know if my systems and services are secure?

3. What common Cyber Security threats should I be aware of?

 

Considering the sudden increase in the use of digital during the pandemic, what would be your top tip to companies? Ensure you are aware of the free, plain English guidance on Cyber Security provided by the National Cyber Security Centre (NCSC).

 

https://www.ncsc.gov.uk/

How do they do that with limited resources? Sign up to NCSC alerts and read their Cyber Security Weekly Threat Report; it only takes about 15 minutes.

 

Use a low-cost vulnerability scanning service, such as Detectify (https://detectify.com/), to scan for the OWASP Top 10 and other common vulnerabilities your systems may be exposed to.

 

What else is on the horizon you would flag to customers of ETHOS? Making use of and providing your services via the Cloud is becoming more and more prevalent. Being Cloud enabled will soon become the norm, not a differentiator. Assessing potential Cloud Service Providers (CSPs) can appear daunting at first; however, there are some good guidelines and frameworks available to make the process much more understandable. Consider how Cloud will impact you and your business over the next 24 to 26 months.

 

Is this reflected across the health and care sector here and abroad? Yes, this is a key trend for 2020/2021. We are seeing an increase in reports and research in this area which will support cross-service improvements.

If you could give one gift to customers what would it be? A free overview assessment of the likely effectiveness of their current security posture and identification of the top 3 actions they could take today to strengthen it.