Following the distressing news of Russia’s invasion of Ukraine, Lindy Cameron, CEO of the National Cyber Security Centre (NCSC) has advised all UK organisations to bolster their cybersecurity resilience. This urgent update comes in response to the recent, malicious cyber incidents happening in and around Ukraine.
National Cyber Security Centre (NCSC) CEO, Lindy Cameron authors a Sunday Telegraph article detailing the cyber risks of the Ukrainian war, with a direct message to business leaders:
“I’m sure there will be business leaders across the country who think: “It’s too complicated.” Unfortunately, for businesses today, cyber security is essential.
Given the potential impact that breaches can have, all business leaders must take this threat seriously – or risk significant business impact.”
This guide enables business leaders to understand the key facts and how the escalated cyber threats affect UK organisations:
|
Ukrainian government, banks, infrastructure, and individuals are simultaneously being targeted by state-sponsored, Russian cyberattacks. Their aim: to cause disruption and limit communications. So far, it has caused:
These cyberattacks are sophisticated and persistent. It has led to the Ukraine government deploying an 'IT army' to counter Russian cyber warfare, with EU counterparts helping in this hybrid war. As the situation in Ukraine continues to escalate, so does the risk of these attacks spreading further afield.
Government and security bodies anticipate more cyberattacks, with UK organisations potentially being caught in the conflict. While it is impossible to predict how this conflict might affect UK organisations, your existing security measures should be reassessed.
Cyberattacks do not respect geographic boundaries. An attack does not have to be directly aimed at your organisation for you to feel the impact. An attack inside a complex supply chain could seriously affect your organisation’s operations.
In the same Sunday Telegraph article, NCSC CEO, Lindy Cameron, explained the relevance of the attacks to small UK organisations:
NCSC CEO, Lindy Cameron has advised the following guidance:
I can’t stress enough, now is the time to reassess your cybersecurity.
I highly recommend proactively raising the base level of security as a matter of urgency to:
As per NCSC advice, develop a continuous improvement strategy – the following steps offer further guidance on what this might look like.
A security audit will pinpoint areas of weakness in your organisation. To help in these extraordinary circumstances, we are offering a complimentary security audit to local businesses and clients.
I welcome you to get in touch or book a no-obligation meeting in my diary. I am happy to offer guidance on best practices and discuss the most appropriate and cost-effective steps to bolster your cybersecurity resilience.
If you are worried about your resilience, there are a number of options you can take:
Employee security awareness training: Formal education of security to non-technical employees to understand their responsibilities and signs of malicious activity.
Phishing simulations: Train and test employees to identify and report email scams.
Dark web monitoring: Have your details been stolen? We find personal, business and banking details associated with your organisation that is for sale on the black market.
Endpoint detection: and response Continuous monitoring and response to advanced threats.
Disaster recovery testing: Test your disaster recovery plan and be assured that your data can be recovered after a flood, fire or cyberattack. *As recommended by the NCSC in the latest guidance
Cyber Essentials is a government-backed cybersecurity framework, designed to help organisations of any size to implement a simple yet effective security framework. Cyber Essentials protects organisations against the vast majority of cyberattacks. Cyber Essentials is the level of security government recommends to all organisations. We highly recommend that every organisation works towards this level of cybersecurity.
We can help you to pass Cyber Essentials, taking on the hard work and guiding you through the process. Our aim is to provide a hassle-free experience with easy, predictable budgeting. Get in touch if you want to find out more.
IASME Governance is a higher standard certification, one step higher than Cyber Essentials. It is designed for small/medium companies to demonstrate a good level of cybersecurity to their supply chain. It was developed in the UK as an affordable alternative to the international standard, ISO 27001.
The IASME Governance standard indicates that an organisation is taking good steps to properly protect their customers’ information and incorporates both Cyber Essentials assessment and GDPR requirements.
Ensure your team understands the situation and the heightened threat. Remind employees of the role they play in keeping you secure, including to:
Employees should actively look out for indicators of potential email compromise attacks.
Last-minute changes in wiring instructions or recipient account information must be verified.
Ensure the URL in the email is associated with the business it claims to be from.
Be alert to misspelled hyperlinks in the actual domain name.
Ensure users have updated their systems and applications to the latest release which typically includes the latest security enhancements. Accept security updates and restart your computer once a week.
Ensure everyone knows how to report suspected security events and why reporting during a period of heightened threat is so important.
Ongoing cybersecurity awareness training is the best means of encouraging a security culture in your organisation. This is included in our Enhanced Cybersecurity Package, to provide consistent training and awareness amongst all levels of staff.
The easiest way to address your organisation’s cybersecurity concerns is by booking time with me to discuss your security. I welcome you to get in touch or book a no-obligation meeting in my diary. I will be happy to offer best practice guidance, and find cost-effective steps to bolster your cybersecurity resilience.
|