UK Firms Urged To Bolster Cyber Defences

Britain's cyber security centre has urged UK organisations to check their cyber defences are substantial and bolster where required, as concerns grow about the potential for new Russian cyber attacks linked to tensions with Ukraine.

The public-facing arm of the spy agency GCHQ encouraged everyone to read new guidance published on its website entitled: "Actions to take when the cyber threat is heightened."

Paul Chichester, director of operations at the National Cyber Security Centre (NCSC), said: "While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.

"Over several years, we have observed a pattern of malicious Russian behaviour in cyber space. Last week's incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before."

Ukraine was hit on 14 January by what Ukrainian officials described as a "massive cyber attack" that targeted some 70 government websites.

Officials from the NCSC are "urgently" helping the Ukrainian government investigate the attack and discover who was behind it.

What Can You Do To Protect Your Business?

The new NCSC warning appears designed to try to ensure British companies and other organisations are better prepared in case another cyber attack against Ukraine then infects the internet worldwide.

SES has a wealth of free guidance available, helping you to begin protecting your business from incoming threats. Some notable articles include: 

• Cyber Attacks From Unexpected Sources: Have You Considered Your Risk?
• 5 Advantages To Exercising Your Cyber Incident Response Plan
• Why Template Phishing Assessments Don’t Prepare You For Real World Threats

To help prevent your business from becoming collateral damage in a future state-level attack or even the gateway for a threat group to reach another victim, you can minimise the potential impact by starting with the basic cyber security advice such as adhering to the 10 Steps of Cyber Security, Cyber Essentials, and other more robust cyber security standards, such as ISO 27001.

We also recommend ensuring that:

• Your workforces are suitably informed and aware of the threats from phishing and social engineering. Given that 90% of successful attacks begin with a phishing campaign, it’s vital to ensure everyone in your organisation has undertaken some form of cyber security education.
• Your organisation has a robust security update/patching regime for software applications, to keep your corporate environment safe from the latest security threats. In the case of the WannaCry ransomware attacks, the NHS would not have been as badly affected by the malware if the devices being used had been updated to the already-released Microsoft security updates.
• Your IT infrastructure has been configured correctly. It’s easy to blame technology when there is a cyber security incident, but many security weaknesses manifest because new technology hasn’t been deployed and configured correctly (or at all…did you remember to change those default admin login details?).
• You have an understanding of the security posture of the various links in your supply chain. Truthfully, you have very little control over your suppliers, but conducting a supply chain security assessment will enable you to better manage the risk that your suppliers represent.
• It’s important to never assume certain attacks are only reserved for large organisations, government agencies and critical national infrastructure. Cyber threats are everywhere and affect organisations of all sizes and sectors.

If you do think you have been the victim of a cyber attack or would like to speak to one of our specialists about protecting your organisation against cyber threats, please get in touch to speak to one of our specialists.

© SES Secure Limited and ses-escrow.co.uk, 2022. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content