After recent malicious cyber incidents in Ukraine, the UK official National Cyber Security Centre (NCSC) is urging organisations to consult guidance. The NCSC points to a pattern of Russian behaviour seen before, including the destructive NotPetya attack in 2017 and cyber attacks against Georgia.
Paul Chichester, NCSC Director of Operations, said: “The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them. While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient. Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”
The online document advises organisations of all sizes to make sure that the fundamentals of cyber security are in place to protect their devices, networks and systems. Visit https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened.
Comments
Eric Milam, VP Research and Intelligence at BlackBerry said: “As the UK is warned to bolster defences against cyber attacks following Russian threats to Ukraine, the NCSC’s concern is a reminder of the power of Russian cyber threats internationally. My own team’s investigation and prevention of these Russian threats, such as Dr. REvil, has revealed that it is crucial for organisations and government to learn how to protect against state-sponsored cyber attacks as a matter of highest priority.”
“As organisations collect and share more digital information, they must develop a comprehensive, integrated approach to security to protect highly confidential data and communication. This can be done through AI-based threat prevention, enabling a Zero Trust security environment which continuously validates that trust at every event or transaction to authenticate users.
“If you are victim to an attack, you also need the capability to contain it as fast as possible through a unified critical communications network, which can communicate between organisations, people, devices, and external entities regarding who is in the network and next steps.”
Dan Middleton, VP, UK and Ireland at the data protection software firm Veeam, said: “Right now, it’s extremely hard to punish those who commit ransomware crimes, meaning it is effectively victimless and unpunishable. It is victimless in the sense that the majority of businesses are insured against their losses and unpunishable due to the fact there is no agreed global legal framework. Cybercrime knows no borders. It may seem an obvious thing to say but in terms of law and order it’s a huge challenge. If a criminal from another country comes to the UK and commits a crime against a business of British soil, there is an entire diplomatic process to ensure this person is brought to justice and the victim is compensated. This simply isn’t the case when it comes to ransomware.
“To avoid this, and help businesses get their services back up and running quickly, the simplest thing leaders can do is start with the 3-2-1-1-0 rule to ensure recoverability from cyberthreats. This concept calls for three or more copies of data on two or more different types of media, one1 of which is offsite, one copy of which is offline, air-gapped or immutable (to ensure backup data is free from infection), and the 0 is to ensure that your backups are valid so that when you go to restore data that your recovery will be successful.
“Increasingly regulations are changing to put the onus for data protection back on businesses, and therefore it is on them – not governments – to ensure they have modern data protection strategies in place should the worst happen.”
And David Carroll, MD of Nominet Cyber said organisations should take heed. “This guidance is in line with the cyber security reality that has emerged over the past decade, where geopolitical activity and real-world warfare are increasingly mirrored in the cyber sphere. Experience has taught us that government, public sector, and private sector organisations can become targets for malicious activity from hostile states and the UK Government is right to take a proactive approach to protection. Organisations should prioritise identifying and patching vulnerabilities in their software, which have traditionally been a vector for large-scale attacks in the past, and be actively monitoring for breaches or potentially suspicious activity.”
