Is your business protected?
Our cyber experts are here to help businesses navigate and mitigate the risks.
Following Russia’s further violation of Ukraine’s territorial integrity, the National Cyber Security Centre (NCSC) has updated its guidance to UK industry.
The NCSC, which is part of Government Communications Headquarters (GCHQ), has urged organisations to follow NCSC advice and to improve their resilience whilst cyber threats are at a heightened risk level. The NCSC has advised that:
“While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber-attacks on Ukraine with international consequences”.
The NCSC guidance provides industry with actionable steps that can reduce the risk of organisations falling victim to a cyber-attack.
This comes off the back of a joint advisory from the American Cybersecurity and Infrastructure Security Agency (CISA) in January 2022, which outlined Russian State-Sponsored Cyber Threats to Critical Infrastructure. CISA advised organisations to:
- Be prepared
- Enhance your organisation’s cyber posture
- Increase organisational vigilance.
The threat from attributable Russian Federation State Sponsored and Non-Attributable Russian State Funded Malicious Actors never really goes away. Over the last year, and particularly in recent weeks, our threat intelligence service has observed an increased level of activity and targeting of UK interests. We expect to see this continually increase, targeting the assistance we are anticipated to be lending to our NATO, European and Ukrainian allies.
The risk of a cyber-attack is imminent, so what can you do to protect your organisation?
Now more than ever, it is important to align yourself with best practice, performing a gap analysis on a regular basis.
Outlined below are some actionable steps organisations can immediately take to improve cyber resilience:
Check your system patching
- Ensure internet-facing services are patched for known security vulnerabilities and device firmware is up to date, e.g. routers and firewalls have the latest manufacturer updates installed.
Verify Access Controls
- Ask staff to verify that their passwords are unique and are not shared across non-business systems or personal accounts.
- Review user accounts – remove accounts that are no longer active (e.g. those of employees who have left the organisation) and ensure there are no toxic privilege combinations.
- Employ Multifactor Authentication (MFA) where possible, e.g. a password and a secure mobile device code for user authentication.
Ensure defences are working
- Check that antivirus is installed and is up to date on all devices and that definitions are up to date.
- Check that firewall rules are up to date and as expected.
Logging and Monitoring
- Understand where your logs are stored, and how long they are retained for. Monitor key logs and, at a minimum, monitor antivirus logs.
- Confirm backup systems are functioning correctly. Check backups by performing a test backup restore – ensure IT teams are familiar with the data restoration process.
- Check you have an offline backup copy and ensure it is recent enough to be useful if you suffer a cyber-attack.
- Check that your organisation’s incident response plan is up to date e.g. check that the contact details and phone numbers are up to date and that employees understand the escalation process.
- Test your incident response plan: when was your last desktop exercise?
Check your internet footprint
- Check that the records for your external internet-facing footprints are correct and up to date e.g. ensure your systems are using expected IP addresses.
- Perform an external vulnerability scan – check that all vulnerabilities are acted on and patched.
Security Awareness Training
- Make certain that training has been carried out by all members of staff, at least within the last year.
- Ensure that staff have undergone training to spot phishing attempts and understand the organisation’s process for reporting phishing attempts.
Third Party Review
- Ensure you have a robust due diligence process in place e.g. contractual clauses regarding security and data protection.
- When was the last time you received up-to-date due diligence questionnaires from your third-party suppliers?
- Review third-party access and remove access that is no longer required, e.g. temporary contractors or organisations who no longer provide services to your organisation.
Brief your organisation
- Ensure that teams understand the situation and the heightened threat. Make sure all employees understand how to report suspected security events.
Gemserv are expert providers of Cyber Security services to industry and public sector. Our extensive expertise across risk management, cyber security and governance enables us to help organisations to ensure that the correct processes and procedures are in place to protect themselves.
We work with organisations to develop a robust framework which drives the policies and processes taking a risk-based approach, enabling you to anticipate and plan for changes and developments ahead.
We’d welcome any questions you have on the best form of cyber defences and mitigating the risks of cyber-attacks. Please get in touch if we can support your organisation during this period of heightened cyber threats.