As the Russia – Ukraine conflict unfolds, it’s wise to ensure your cyber security strategy is at full strength.

In response to the malicious cyber incidents involved in the ongoing Russia – Ukraine conflict, the National Cyber Security Centre (NCSC) has issued new guidance urging organisations to take action to strengthen their cyber resilience[1].

An ongoing threat

Ukraine has suffered a string of cyberattacks in recent weeks, with Wednesday seeing a massive distributed denial of service (DDoS) attack that targeted government and banking websites, knocking them offline. A new destructive “data-wiping” malware has also been found on hundreds of computers. Ukraine has been repeatedly targeted since 2014, including attacks on its critical infrastructure — in winter 2015, a cyberattack on its power grid led to almost a quarter of a million Ukrainians losing power and heat.

And with the NCSC warning this week that a Russian state-backed hacker group known as Sandworm has developed a type of sophisticated malware that could allow them to remotely access networks[2], it’s clear that cyber is expected to be one of the front lines of any conflict involving Russia.

Should I be concerned?

While the NCSC is not aware of any current specific threats to UK organisations, there has been a pattern of Russian cyberattacks on Ukraine that have had international consequences. Most notable of these is the 2017 NotPetya malware, which targeted Ukrainian power, transportation and financial systems but spread indiscriminately around the globe, including to Russia itself. The attack caused massive operational disruptions, with total worldwide costs estimated to exceed $10 billion[3].

NotPetya demonstrated the potential for cyberattacks to spiral out of control, so as the conflict continues, it’s important to be mindful of the possibility of a cyberwar ‘spillover’. The most critical action for organisations of all sizes is to ensure that the cyber security fundamentals are in place.

What actions should I take?

To bolster your cyber security defences, there are a number of steps you can implement, from the simple points detailed below to a more sophisticated and robust defence-in-depth strategy:

Apply patches and security updates

The patching of applications and operating systems remains one of the most effective components of an organisation’s security posture. This includes checking the relevant management portals to confirm that all devices are receiving their applicable patches or package updates.

Verify access controls

Now is a good time to check that legacy authentication is not enabled for the organisation’s Microsoft tenant, and to ensure that your business is utilising multi-factor authentication (MFA) whenever possible.

Ensure your defences are working

Review firewall rules and ensure only necessary devices are exposed to the internet. With the threat heightened, you may want to consider increasing the frequency of vulnerability scanning of these more exposed devices.

Review and test your backups

Backups are a vital component of cyber resilience. Ensure your business is using a trusted third-party backup solution — and that you regularly test the recovery process so you’re confident you can restore your data when it matters most.

Review third-party access

IT networks can be complex to manage and sometimes require external help, which means non-regular users are given high-level access. Organisations should identify what access these users have and remove any that is no longer required.

Review logging and monitoring activities and processes

Prevention is always better than cure, but to prepare for a breach, it’s more critical than ever to understand what logging you have in place, where logs are stored and how long they are retained.

Don’t be the easy target

Irrespective of the political climate, following cyber security best practice should be a key priority for all businesses in today’s IT landscape. With a considerable increase in cybercrime over the past two years, establishing a good security posture will ensure your business won’t be seen as the ‘low-hanging fruit’ by threat actors.

At Bistech, we take a tailored, multi-layered approach to security to help you protect, detect and respond to ever-changing cyber threats. To discuss your security needs, call our expert team today on 03330 11 22 55.


[1] NCSC, 2022 ‘NCSC advises organisations to act following Russia’s further violation of Ukraine’s territorial integrity’

[2] NCSC, 2022 ‘New Sandworm malware Cyclops Blink replaces VPNFilter’

[3] Financial Times, 2022 ‘Cyber warfare in Ukraine poses a threat to the global system’