Avoiding the auto-fail under Cyber Essentials’ new rules
https://www.techradar.com/sg/author/robert-kehoe · 2026-06-17 · via Latest from TechRadar

Cyber Essentials has always been the UK’s baseline cybersecurity standard.

It’s a practical floor designed to block common attacks and ensure business resilience when organizations actually implement its controls, rather than treating the scheme as lip service.

The April 2026 update raises the floor, introducing auto-fail outcomes for missing key controls, meaning that certain gaps now end an assessment immediately, rather than becoming items to fix later.

For a lot of organizations, that’s not just a compliance issue but a commercial one, as Cyber Essentials certification is increasingly required by customers and suppliers.

What actually changed in April 2026?

Three changes define the update to Cyber Essentials, with two aspects now resulting in an “auto-fail” if they are not met.

First, patching deadlines are now strict requirements, with high-risk and critical security updates needing to be applied within 14 days of release across systems.

Second, multi-factor authentication has moved from a strong recommendation to mandatory for cloud services. Where MFA is available and not enabled, the assessment ends. The room to treat it as optional is gone.


Third, cloud services can no longer be excluded from scope. IT infrastructure and services hosted in the cloud are now within the assessment boundary, shutting down an ambiguity that many organizations had used, on purpose or not, to simplify their certifications.

Why the 14-day rule is no longer a “nice target”

It’s tempting to read 14 days as aggressive until you compare it to how quickly disclosure turns into exploitation in today’s environment. Security teams are operating in a world where attacker collaboration and automation compress timelines throughout the attack cycle, and incident data shows how fast campaigns can progress once initial access is achieved.

The UK’s National Cyber Security Centre has been clear with its warnings: organizations need to prepare for a vulnerability patch wave, driven by AI-enabled actors exploiting technical debt at scale and at pace. Organizations need to have processes that deploy updates quickly, more often, and prioritize internet-facing attack surfaces.

Cyber Essentials now treats 14-day patching as a minimum benchmark, not a nice-to-have. Informal patching practices, like monthly scheduled windows or manual processes where IT runs updates when they get a chance, aren’t enough.

Beyond compliance, unpatched systems are a routine entry point attackers use to disrupt operations – making fast patch management a direct investment in business resilience, not just a box-ticking exercise.

Who is most exposed by the new auto-fail approach?

The organizations most likely to struggle aren’t always those with the worst intentions. In practice, the biggest risk sits with teams that can describe compliant controls but can’t run them consistently across their full environment. The update is designed to punish inconsistency because inconsistency is what attackers exploit.

Patching is the obvious pressure point. A 14-day commitment is difficult to keep if devices drift from management, if network hardware runs on separate update schedules, or if legacy applications are prone to breaking when updated. Under the new rules, it’s not enough to patch the easy things; the requirement is framed across the entire scope, which is exactly where many environments reveal hidden gaps.

MFA is the other common tripwire – less technical than organizational. Many businesses have strong MFA coverage for core systems like secure email or admin consoles, but not the long tail of cloud services that have never been brought into line. Under the new rules, that tail is now in scope and the “MFA where available” rule matters.

Cloud scoping will catch organizations that historically treated cloud as “the provider’s responsibility.” The updated requirements explicitly describe shared responsibility expectations and make clear that applicants remain responsible for ensuring controls are implemented.

Finally, organizations that relied on narrow scoping to simplify certification are likely to face more scrutiny. The scheme’s changes around scope descriptions, exclusions, and transparency are intended to make it harder to present a subset that doesn’t represent the real operating environment.

How to prepare without turning it into a paperwork exercise

The fastest way to get ready is to stop thinking of Cyber Essentials as a yearly submission and start treating it as a set of ongoing routines.

That doesn’t mean building a bureaucracy; it means choosing a small number of repeatable disciplines that keep you continuously within the standard. Embedding these routines makes organizations more operationally resilient, as they are better prepared to absorb and recover from disruption.

The starting point is understanding scope properly. Cloud services that host or process organizational data are now in scope and can’t be excluded. So, the first task is establishing which services are being used, and who owns them operationally.

Once you have that picture, the MFA requirement becomes a finite task: ensure MFA is enabled wherever it is available and ensure that you can demonstrate it reliably across users rather than assuming “most people probably turned it on.”

Next, treat patching as a pipeline rather than an event. The NCSC’s guidance to prepare for faster, more frequent patching aligns with what Cyber Essentials is now enforcing through auto-fail. Routines are needed to ensure that updates are discovered quickly and that what matters most, such as internet-facing exposure, is prioritized within the 14-day window.

Where updates genuinely cannot be applied without breaking critical systems, the expectation shifts towards containment and risk management rather than leaving systems exposed and hoping the next cycle catches up.
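The preparation steps above can be run as a recurring pre-check over an asset and cloud-service inventory. The following is an added example, not code from the article or from the Cyber Essentials scheme; the inventory fields, asset names and sample data are hypothetical, and it applies only the three rules as the article states them.

```python
from dataclasses import dataclass
from datetime import date

PATCH_WINDOW_DAYS = 14                      # deadline stated in the article
IN_SCOPE_SEVERITIES = {"critical", "high"}  # "high-risk and critical" updates

@dataclass
class PendingUpdate:            # hypothetical inventory record: update not yet applied
    asset: str
    severity: str
    released: date
    internet_facing: bool = False

@dataclass
class CloudService:             # hypothetical inventory record
    name: str
    owner: str
    mfa_available: bool
    users: int
    users_with_mfa: int
    declared_in_scope: bool = True

def overdue_updates(updates, today):
    """High/critical updates still unapplied more than 14 days after release."""
    late = [u for u in updates
            if u.severity in IN_SCOPE_SEVERITIES
            and (today - u.released).days > PATCH_WINDOW_DAYS]
    # Internet-facing assets first, then oldest release first.
    return sorted(late, key=lambda u: (not u.internet_facing, u.released))

def cloud_findings(services):
    """Scope exclusions, and MFA gaps measured per user rather than assumed."""
    out = []
    for s in services:
        if not s.declared_in_scope:
            out.append(("scope", s.name, f"excluded from scope (owner: {s.owner})"))
        if s.mfa_available and s.users_with_mfa < s.users:
            gap = s.users - s.users_with_mfa
            out.append(("mfa", s.name, f"MFA available but off for {gap}/{s.users} users"))
    return out

def precheck(updates, services, today):
    patching = [("patching", u.asset,
                 f"{u.severity} update unapplied {(today - u.released).days} days after release")
                for u in overdue_updates(updates, today)]
    return patching + cloud_findings(services)

# Constructed sample inventory (not real data).
TODAY = date(2026, 5, 1)
UPDATES = [
    PendingUpdate("laptop-114", "high", date(2026, 4, 2)),
    PendingUpdate("vpn-gw-01", "critical", date(2026, 4, 10), internet_facing=True),
    PendingUpdate("fileserver-02", "critical", date(2026, 4, 20)),
    PendingUpdate("hr-app", "high", date(2026, 4, 17)),      # exactly 14 days: in window
    PendingUpdate("printer-07", "medium", date(2026, 3, 1)),
]
SERVICES = [
    CloudService("mail-suite", "IT", True, 40, 40),
    CloudService("file-sharing", "Ops", True, 40, 31),
    CloudService("survey-tool", "Marketing", True, 5, 0, declared_in_scope=False),
    CloudService("legacy-saas", "Finance", False, 3, 0),     # MFA not offered
]

if __name__ == "__main__":
    for kind, subject, problem in precheck(UPDATES, SERVICES, TODAY):
        print(f"{kind:9} {subject}: {problem}")
```
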

Compliance that keeps pace with attackers

Incident response reporting continues to show how quickly intrusion timelines are shrinking once initial access is achieved. Threat intelligence reporting is also increasingly clear that adversaries are using automation and AI to accelerate parts of the attack chain.

The implication for a baseline standard like Cyber Essentials is straightforward: controls that slow attackers down early and increase business resilience – rapid patching, strong authentication, and realistic scoping – matter more than ever, because they buy you time you may not otherwise have.

If you take one lesson from the April 2026 update, it should be this: the scheme is no longer optimized for organizations that are “mostly compliant most of the time.” It is increasingly aligned to the reality that attackers only need one neglected service, one unpatched edge device, or one MFA gap to turn a baseline weakness into a breach.


This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit