Cybersecurity concerns have grown steadily in recent years: 81.4% of UK organisations experienced at least one cyber attack in 2021. Since then, geopolitical tensions surrounding the Russia-Ukraine conflict have further heightened the potential for cyber threats. While the UK has not yet been targeted by such attacks, we should not become complacent; as sanctions persist and the conflict continues, the potential for future threats and escalation remains. Now is the time to act to increase your resilience against cyber threats.
What is the current threat?
According to the NCSC (National Cyber Security Centre), multiple sources have reported that Russian state-sponsored cyber actors already use a range of tactics to carry out malicious activity, potentially laying the groundwork for future offensive operations. Through both broad-scale and targeted scanning, these actors identify and exploit legacy or weak protocols and service ports associated with network administration (for example, unencrypted management services left reachable from the internet).
Previous Russian state-sponsored cyber attacks have included DDoS attacks and the deployment of destructive malware against the Ukrainian government and critical infrastructure organisations. Because similar activity could follow in response to economic sanctions and material support for Ukraine, taking cybersecurity action now is, at best, a prudent precaution for UK organisations and, at worst, the only line of defence they will have.
Who is at risk?
In the context of the current geopolitical conflict, this kind of malicious activity is most likely to target government and public sector organisations and the critical infrastructure providers vital to our economy and society. The ISPs that support these sectors are also particularly exposed during this period of heightened cyber threat, and known attacks have been directed at network infrastructure devices such as routers, switches, firewalls and Network Intrusion Detection Systems (NIDS).
Sectors facing heightened cyber threats include:
- Government and public sector
- Private sector
- Water supply
In practice, though, all organisations should review and evaluate their cybersecurity posture to identify vulnerabilities and minimise the impact of an attack. Greater awareness of your cybersecurity at times like these helps you prioritise necessary security work, improve your current defences, and ultimately gives you the best chance of either preventing a cyber attack or responding effectively when one occurs.
Five actions to increase resilience against heightened cyber threats
In a heightened threat landscape shaped by several factors, the one thing you cannot control is the level of threat you will face. The only practical thing you can do to protect your organisation is to improve its cyber resilience.
Here are five actions to increase your resilience against heightened cyber threats.
Keep systems, software and devices up to date
The first action you should take to reduce any security vulnerabilities is to ensure your systems, software, and devices are up to date. This includes all your users’ devices (desktops, laptops and mobiles) and third-party software like your browsers and office productivity tools. Switching on automatic updates can help to ensure that patching is happening regularly across your systems, software and devices.
In addition, you should ensure that firmware, internet-facing services and key business systems are all patched, including your central platforms, applications and software; internet-facing services should be patched first, since they are what scanning actors find. Where a vulnerability cannot be patched immediately, your organisation should consider compensating controls such as MDR, which can detect and respond to attempts to exploit it.
You can find out the Four reasons why MDR is right for your organisation here.
Review and monitor your access controls
Reviewing access controls across your organisation ensures that privileged system administration access is tightly controlled and that confidentiality is maintained. It is also important to communicate to staff the importance of strong, unique passwords, and any credential that could be a weakness (for example a default, shared or reused password) should be changed immediately. Other practical ways to review and monitor access controls include:
- Review user accounts and remove old, unused or unrecognised accounts
- Review accounts with privileged or administrative access
- Continuously manage and monitor the use of accounts with privileged access
- Ensure passwords are unique to your business systems (and make sure they are not reused on non-business systems)
Multi-factor authentication (MFA) should also be used wherever possible, particularly for user accounts with privileged or administrative access. If you already have it enabled, check that it has been configured properly and enabled on systems and accounts according to your policies, including that legacy authentication methods which cannot enforce MFA are blocked rather than left as a bypass.
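The account review described above (stale accounts, privileged accounts, privileged accounts without MFA) can be scripted against a directory export. The following is an added example, not code from the original article; the CSV columns (username, last_logon, groups, mfa_enabled), the list of privileged groups and the 90-day "unused" threshold are assumptions for the example, and the export itself is constructed sample data.

```python
"""Access review over a constructed account export.

Added example, not code from the original article. The CSV columns, the
privileged-group list and the 90-day threshold are assumptions; map them
onto whatever your directory (AD, Entra ID, Okta, ...) actually exports.
"""
import csv
import io
from datetime import datetime

# Constructed sample export, one account per line.
SAMPLE_EXPORT = """\
username,last_logon,groups,mfa_enabled
alice,2022-03-01,Domain Users;Domain Admins,true
bob,2021-09-15,Domain Users,false
carol,2022-02-28,Domain Users;Server Admins,false
dave,2020-11-02,Domain Users,false
svc-backup,2022-03-02,Domain Users;Backup Operators,false
unknown42,,Domain Users,false
"""

# Groups treated as privileged for this review (assumed; extend for your estate).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Server Admins", "Backup Operators"}
STALE_AFTER_DAYS = 90  # assumed threshold for "unused"


def parse_export(text):
    """Parse the CSV export into dicts with typed fields."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        last = row["last_logon"].strip()
        accounts.append({
            "username": row["username"].strip(),
            "last_logon": datetime.strptime(last, "%Y-%m-%d").date() if last else None,
            "groups": {g.strip() for g in row["groups"].split(";") if g.strip()},
            "mfa_enabled": row["mfa_enabled"].strip().lower() == "true",
        })
    return accounts


def review_accounts(accounts, today, stale_after_days=STALE_AFTER_DAYS):
    """Produce the three lists an access review needs.

    stale: accounts with no logon within stale_after_days, or no logon ever
           (removal candidates).
    privileged: accounts holding any privileged group.
    privileged_without_mfa: the subset of privileged accounts with MFA off.
    """
    findings = {"stale": [], "privileged": [], "privileged_without_mfa": []}
    for a in accounts:
        name = a["username"]
        if a["last_logon"] is None or (today - a["last_logon"]).days > stale_after_days:
            findings["stale"].append(name)
        if a["groups"] & PRIVILEGED_GROUPS:
            findings["privileged"].append(name)
            if not a["mfa_enabled"]:
                findings["privileged_without_mfa"].append(name)
    return findings


def run_review(export_text, today_iso):
    """Review an export as of the given YYYY-MM-DD date."""
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    return review_accounts(parse_export(export_text), today)


if __name__ == "__main__":
    for finding, names in run_review(SAMPLE_EXPORT, "2022-03-03").items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Accounts that have never logged on (here, `unknown42`) are reported as stale on purpose: an account nobody recognises and nobody uses is exactly what the review is meant to surface. Service accounts such as `svc-backup` typically cannot use interactive MFA, so they show up under privileged accounts without MFA and need a compensating control (restricted logon rights, a managed or long random password) rather than being ignored.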
Evaluate your current cybersecurity defences
Your organisation should also evaluate the cybersecurity defences it already has in place to ensure that software and systems are up to date and working effectively against potential threats. Ensure your antivirus software is installed and active on all systems. In addition, reviewing your firewall rules will help minimise opportunities for attack and lets you check for temporary rules that are still active beyond their expected lifetime, as well as for over-broad "any to any" allow rules that have crept in. Conducting a penetration test where possible will also allow you to evaluate and verify the effectiveness of your current defences.
If your organisation wants to improve its security posture with a more robust defence system, discover Brightsolid’s Managed Detection and Response.
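The firewall rule review mentioned above (expired temporary rules, temporary rules with no end date, and any-to-any allows) is the kind of check worth automating so it runs on every rule export. The following is an added example, not code from the original article or a real vendor's tooling: the rule syntax is a constructed vendor-neutral format, and the convention that temporary rules carry a comment of the form "TEMP until YYYY-MM-DD" is an assumption for the example. Real exports differ per vendor, so only the parser would change.

```python
"""Firewall rule review: expired temporary rules and over-broad allows.

Added example, not code from the original article. The rule format
(id action source -> destination:port # comment) and the "TEMP until
YYYY-MM-DD" comment convention are assumptions for this example.
"""
import re
from datetime import datetime

# Constructed sample ruleset.
SAMPLE_RULES = """\
10 allow 10.0.0.0/8 -> 10.1.2.3:443 # web frontend
20 allow any -> 10.1.2.10:3389 # TEMP until 2022-01-15 vendor remote support
30 allow 203.0.113.5 -> 10.1.2.20:22 # TEMP until 2022-03-31 migration contractor
40 allow any -> any:any # TEMP opened during outage, no end date recorded
50 deny any -> any:any # default deny
"""

RULE_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<action>allow|deny)\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst>[^:\s]+):(?P<port>\S+)(?:\s*#\s*(?P<comment>.*))?$"
)
# "TEMP" marks a temporary rule; the "until" date is optional so that
# temporary rules with no recorded end date can be reported separately.
TEMP_RE = re.compile(r"\bTEMP\b(?:\s+until\s+(?P<until>\d{4}-\d{2}-\d{2}))?", re.IGNORECASE)


def parse_rules(text):
    """Parse the constructed rule format into a list of dicts."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        rule = m.groupdict()
        rule["id"] = int(rule["id"])
        rule["comment"] = rule["comment"] or ""
        temp = TEMP_RE.search(rule["comment"])
        rule["temporary"] = temp is not None
        rule["expires"] = (datetime.strptime(temp.group("until"), "%Y-%m-%d").date()
                           if temp and temp.group("until") else None)
        rules.append(rule)
    return rules


def review_rules(rules, today):
    """Return rule ids grouped by finding."""
    findings = {"expired_temporary": [], "temporary_without_expiry": [], "any_to_any_allow": []}
    for r in rules:
        if r["temporary"]:
            if r["expires"] is None:
                findings["temporary_without_expiry"].append(r["id"])
            elif r["expires"] < today:
                findings["expired_temporary"].append(r["id"])
        if r["action"] == "allow" and r["src"] == "any" and r["dst"] == "any" and r["port"] == "any":
            findings["any_to_any_allow"].append(r["id"])
    return findings


def run_review(text, today_iso):
    """Review a ruleset as of the given YYYY-MM-DD date."""
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    return review_rules(parse_rules(text), today)


if __name__ == "__main__":
    for finding, ids in run_review(SAMPLE_RULES, "2022-03-03").items():
        print(f"{finding}: {ids or '-'}")
```

A temporary rule without an expiry date is treated as its own finding rather than silently passing: the "opened during an outage" rule is the classic case of a change that outlives the incident because nobody recorded when it should be removed.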
Make sure your infrastructure is backed up
Your backup systems are vital to enable your organisation to keep functioning in the event of a successful cyber attack. If your primary data becomes corrupted or inaccessible, you must know that your infrastructure has been backed up successfully and securely.
You should confirm that your backups are running correctly and that you hold an offline copy, one that an attacker who has compromised your network cannot reach and encrypt or delete. Check that the backup is also recent enough to be useful if data or system configuration is lost. Performing test restores regularly is another practical action: it proves that the backups are actually usable and familiarises your team with the process before it is needed under pressure.
Tip: The NCSC also recommends backing up machine state and critical external credentials, such as private keys and access tokens, in addition to your data.
Evaluate your incident response plan
In a worst-case scenario, your organisation should be prepared with an incident response plan that ensures active threats and attacks are identified, escalated and mitigated as effectively and efficiently as possible. Even if your business systems become inaccessible, you need to know that your response plan and lines of communication will still be available, which means keeping copies of the plan and contact details somewhere outside the systems that may be affected.
In addition, it should be clear who has the authority to approve key decisions, and if you don’t have a 24/7 SOC, you will need to evaluate your plan for escalation and response outside of working hours.
Areas to evaluate:
- Escalation routes – what do they look like?
- Contact details – are they available and up to date?
- Communication mechanisms – what are they?
Additional cybersecurity steps
These five actions are fundamentals of cybersecurity, and at this time they should be revisited to maintain resilience against the heightened risk of cyber threats. If applicable, your organisation might also consider accelerating planned cybersecurity work, putting contingency in place for additional security resources (for example, extended operating hours), and assessing where you could accept slight impacts to service and functionality in order to reduce your exposure to threats.
For further information and guidance on the current state of heightened cyber threats, you can visit the NCSC website.