KARE provide are a registered charity in Ireland providing support to people with intellectual disabilities. They are a large organisation with over 680 staff. KARE decided to undergo a cyber security assessment and implemented some of the key recommendations made by CommSec. This proved to be beneficial for them in ensuring that fundamental IT security controls were in place, and aligned with the CyberEssentials certification standard.
The Challenge
KARE took the decision to undergo a Cyber Security assessment with CommSec in early 2021 and was working towards completing the recommendations of the assessment when the HSE Conti Ransomware attack struck in May 2021. According to Denis Clancy, IT Manager of KARE, “Upon completion of the security assessment, CommSec provided us with clear recommendations to improve our IT security and to align with the Cyber Essentials framework”.
The Solution
The HSE cyber-attack in May 2021 pushed cyber security to the top of the agenda for most organisations.
The KARE Board have a keen interest in the area of IT security. The Commsec assessment report gave the KARE ICT department them a clear understanding of what needed to be done to address some potential security weaknesses. Since the assessment, the monitored security service CommSec Business Secure and Sophos Managed EDR (Endpoint Detection & Response) was deployed as it gives a layered approach to security and includes IT asset inventory, threat detection and response, anti-virus, anti-ransomware, endpoint management, patch management and access to the CommSec security helpdesk at any time.
The solution also allowed them to implement the main controls areas set out in the Cyber Essentials framework.
Denis recalls, “the solution gave us a comfort blanket of sorts as we know our endpoints and devices are being monitored for any suspicious activity and we now have visibility on the latest versions of software and security patches implemented across our estate. It also gives us access to security subject matter experts when something goes wrong. We had a couple of potential security incidents since implementing the Business Secure product and the CommSec team has been very responsive in assisting our in-house team to resolve issues and provide expert advice/support in assessing any concerns”.
Value-Added Benefits
Another benefit to the Business Secure service is the monthly reports. These can mean time savings in preparing reports on a regular basis. The reports give the KARE’s ICT management a detailed view of the previous month’s IT security activity, risks and any threats remediated by the CommSec team.
One of the biggest risks to any organisation is the patching of system and OS (Operating System) updates in a timely fashion. Hackers are looking to expose these vulnerabilities before patches are applied to gain unauthorised entry to networks. The Business Secure solution pushes updates to endpoints and servers automatically so which saves the IT team a lot of time due to the regular frequency of these updates. Denis affirms, “now that the controls are in place, we can easily identify and take care of any device that needs to be updated”.
The Future
When asked what happens next in the future for KARE’s IT security journey, Denis remarks, “with the help of CommSec, aligning with the Cyber Essentials framework is attainable for any organisation. We are now considering taking it a step further by formally certifying to the CyberEssentials standard and improving our current security controls as a stepping stone to ISO27001 accreditation”.
Visit the Business Secure Product Page.