The cyber threat has heightened due to the recent Russian attack on Ukraine. The National Cyber Security Centre (NCSC) has urged organisations to follow the guidance it has put out.
The NCSC is not aware of any immediate specific threats to UK organisations in relation to the situation. There has, however, been a historical pattern of cyber attacks on Ukraine with international consequences.
Balancing Cyber Threat & Defence
Threats may vary over time for organisations. It is important to strike a balance between the current threat, the measures taken to defend against said threat, the implications and cost of those defences, and the overall risk this presents to the organisation.
Moving to a heightened alert can help prioritise necessary cyber security work, especially when cyber threats become greater than usual. Doing so also offers a longer-term boost to defences. Organisations would also have the best chance of preventing a cyber attack when it is most likely, and of recovering quickly if one happens.
New information that the threat has heightened may change the view of cyber risk. This might be due to active exploitation of a vulnerability in a widely used service resulting in a breach. It could also be specific to an organisation, sector, or even country, resulting from hacktivism or geopolitical tensions.
This means that organisations of all sizes could be affected and should be taking steps to ensure they can respond accordingly to these events. It is rare for an organisation to be able to influence the threat level. Organisations should follow the guidance to reduce their vulnerability and the impact in the case of a successful attack.
Vulnerabilities, misconfigurations and breached passwords are just a few examples of what attackers take advantage of. To reduce the cyber threat, it would be best to reduce attackers' ability to use these techniques.
While it is unlikely an organisation can make widespread system changes quickly in response to a change in threat, it is important for your organisation to have the basics of cyber security in place. The following steps proposed by the NCSC are to ensure basic cyber hygiene controls are in place and functioning correctly.
- Check your system patching: Ensure all devices and firmware are patched. Turn on automatic updates if possible.
- Verify access controls: Verify staff passwords are unique to your business system and not shared on other systems. Remove old or unused accounts and enable multi-factor authentication (MFA).
- Ensure defences are working: Install antivirus and regularly check that it is active. Check that firewall rules are as expected.
- Logging and monitoring: Understand what logging your organisation has in place, where the logs are stored and for how long.
- Review your backups: Ensure that backups are running correctly and have an offline copy of your backups.
- Incident plan: Check that your response plan is up to date, including escalation routes and contact details.
- Check your internet footprint: Records of your external internet-facing footprint should be correct and up to date, including the IP addresses your systems use and the domain names that belong to your organisation.
- Phishing response: Have a process in place to deal with reported phishing emails.
- Third party access: Remove any third party access that is no longer required. Make sure you know what level of privilege is extended and to whom.
- NCSC services: You can be informed quickly of any malicious activity when registered for the NCSC early warning service.
- Brief your wider organisation: Brief your team and other teams within the organisation on the situation. Make sure everyone knows how to report suspicious cyber threats.
The NCSC developed the Cyber Assessment Framework. It is intended for organisations that are responsible for services and activities that are of importance to the public. This guidance includes all the precautions listed above but also some of the more advanced actions you could take.
These actions include reviewing cyber security plans to see if they should be accelerated, considering a more aggressive approach to patching security vulnerabilities, considering delaying significant system changes that are not security related, and many more.
You can read the detailed NCSC guidance here.
Organisations In The US
For organisations in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint Cybersecurity Advisory. You can read the detailed guidance here.
Here at it-QED, we have collectively donated to the local Ukrainian community centre. Check out your local Ukrainian community centre to see how you can help out.
Contact us if you would like to know more about cyber threat and security.