The Cyber Security Journey – Ongoing operations and continuous improvement

Nov 5, 2024 | Cyber Security

From start-up to large organisation – Mapping the cyber security maturation journey

An imagined case study in four parts that follows the cyber security evolution of an organisation over seven-plus years as it matures from a start-up to a large organisation.

Two friends, Hazel Nutt and Patti Cake, shared a love of baking and, in 2018, decided to set up a small patisserie business called Essential Cookies.

They began their journey by baking custom cakes, biscuits and pastries from a small commercial kitchen in their hometown of Bakeitwell. Initially, their focus was on delivering high-quality, handmade products to local customers through in-person orders and a simple website displaying their offerings. 

This is the fourth and final part of a fictional case study that charts the cyber security journey of ‘Essential Cookies’ from micro patisserie to established dessert supplier using all the NCSC schemes as milestones.

Part four – Ongoing operations and continuous improvement: 2025 and beyond

Essential Cookies has become a well-known name in the industry, with a robust online presence and a strong network of business partners. They handle large volumes of customer data and financial transactions and understand that cyber security is an ongoing process that requires continuous improvement.

What are the cyber security challenges?

  • Evolving threat landscape: As cyber threats continue to evolve, Essential Cookies needs to stay ahead of new and emerging threats.

  • Customer trust: Maintaining customer trust requires not only securing their data but also being transparent about their cyber security efforts.

  • Support with detection and response: As a larger organisation, they need to think about advanced threat detection and response capabilities.

  • Increased resilience: They also need to ensure business continuity in the event of a major cyber incident. 

What steps do they take to be more cyber secure?

Engagement with Cyber Incident Response Level 2 provider: To address these challenges, Essential Cookies engages the services of an experienced industry expert.

The NCSC’s Cyber Incident Response Level 2 scheme was developed to help organisations that have been a victim of a cyber attack find assured providers of cyber incident response services. 

Security experts always emphasise that the key to resilience is preparation, and it’s a good idea to start working with a Cyber Incident Response Level 2 (CIR L2) provider before you actually need them. With a relationship already in place, and information shared early, cyber incident responders can act immediately when an incident occurs, reducing the damage and quickly containing the threat.

In the event of a cyber incident, response providers typically offer a range of services aimed at detecting, containing, mitigating, and recovering from cyber attacks or breaches. They will provide support during and after a cyber incident, analyse what happened, and help you strengthen your defences. 

Their CIR L2 provider offers:

  • Advanced threat detection and monitoring services

  • Rapid incident response and containment capabilities

  • Forensic analysis to understand the root cause of incidents

  • Support for recovery and business continuity planning

How do these steps help?

With the support of the CIR L2 provider, Essential Cookies significantly enhances their ability to detect, respond to, and recover from cyber incidents. They feel confident that they can maintain customer trust and ensure the resilience of their business operations.

Conclusion 

Essential Cookies’ journey from a small local business to an integral part of a supply chain highlights the importance of cyber security at every stage of business growth. By recognising the risks early and implementing appropriate mitigations, they are able to protect their business, build trust with customers, and meet the stringent requirements of their supply chain partners. Their story serves as a reminder that cyber security is not a one-time effort but a continuous process that evolves with the business and involves specialised guidance from experts in their field.