Concerns over cybersecurity have grown steadily in recent years, with attacks increasing to the point that 81.4% of UK organisations reported experiencing at least one cyber attack in 2021. Since then, geopolitical tensions surrounding the Russia-Ukraine conflict have further heightened the potential for cyber threats. While the UK has not yet been targeted by such threats, we should by no means become complacent: as long as sanctions persist and the conflict continues, the potential for future threats and escalation remains. Now is the time to take action to increase your resilience against cyber threats.
What is the current threat?
According to the NCSC (National Cyber Security Centre) multiple sources have reported that Russian state-sponsored cyber actors are already using a range of tactics to carry out malicious activities, potentially building the foundation for future offensive operations. Through broad-scale and targeted scanning, cyber actors are identifying and leveraging a number of legacy or weak protocols and service ports associated with network administration activities.
Previous Russian state-sponsored cyber attacks have included DDoS attacks and the deployment of destructive malware against the Ukrainian government and critical infrastructure organisations. With similar activity likely in response to economic sanctions and materiel support for Ukraine, cybersecurity action by UK organisations is prudent at the very least, and may prove to be the best line of defence available.
Who is at risk?
In the context of the current geopolitical conflict, this kind of malicious activity will most likely target government and public-sector organisations, as well as the critical infrastructure providers that are vital to our economy and society. The ISPs that support these sectors are also particularly exposed during this period of heightened threat, and known attacks have been directed at network infrastructure devices such as routers, switches, firewalls and network intrusion detection systems (NIDS).
Heightened cyber threats for critical national infrastructure organisations:
- Government and public sector
- Private sector
- Water supply
In practice, though, all organisations should be reviewing and evaluating their cybersecurity posture to identify vulnerabilities and minimise the impact of these kinds of malicious attacks. Greater awareness of your cybersecurity at times like these helps you to prioritise necessary security work, improve your current defences, and ultimately gives you the best chance of preventing cyber attacks, or of responding effectively when they do occur.
Five actions to increase resilience against heightened cyber threats
In a heightened threat landscape influenced by many factors, the one thing you unfortunately cannot influence is the level of threat you will face. The only practical thing you can do to protect your organisation is therefore to improve its overall cyber resilience.
Here are five actions you can follow to increase your resilience against heightened cyber threats.
Keep systems, software and devices up to date
The first action you should take to reduce your exposure to known vulnerabilities is to ensure your systems, software and devices are all up to date. This includes all your users' devices (desktops, laptops and mobiles) as well as third-party software such as browsers and office productivity tools. Switching on automatic updates helps to ensure that patching happens regularly across your systems, software and devices.
In addition, ensure that firmware, internet-facing services and key business systems are all patched, including your central platforms, applications and software. Internet-facing services deserve priority, since they are what broad-scale scanning finds first. Your organisation should also consider how to mitigate the risk of any vulnerabilities that cannot be patched promptly, for example through additional security controls such as managed detection and response (MDR).
Review and monitor your access controls
Reviewing access controls across your organisation ensures that privileged system-administration access is tightly managed and that confidentiality is maintained. It is also important to communicate to staff the importance of strong, unique passwords; any weak or reused passwords that could lead to a compromise should be changed immediately. Other practical ways to review and monitor access controls include:
- Review user accounts and remove old, unused or unrecognised accounts
- Review accounts with privileged or administrative access
- Manage and monitor accounts with privileged access
- Ensure passwords are unique to your business systems and are not reused on non-business systems
Multi-factor authentication (MFA) should also be used wherever possible, particularly for accounts with privileged or administrative access. If you already have it enabled, check that it is configured properly and enforced on the systems and accounts your policies require, rather than merely available to users who opt in.
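The account checks listed above (stale and unrecognised accounts, privileged accounts, MFA on administrative access) can be scripted against an export from your directory or identity provider. The script below is an added example and not code from the original article: the user records are a constructed sample, and the field names, the list of privileged groups and the 90-day staleness threshold are assumptions to adapt to your own environment.

```python
"""Audit an exported account list for stale, privileged and MFA-less accounts.

Added example, not code from the original article. The records below are a
constructed sample shaped like an export from a directory or identity
provider; the field names, the privileged-group list and the 90-day staleness
threshold are assumptions to adapt to your own environment.
"""
from datetime import date, timedelta

# Assumption: these group names confer privileged or administrative access.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "sudo", "Global Administrator"}
STALE_AFTER = timedelta(days=90)

# Constructed sample export. last_login is None for accounts that never signed in.
USERS = [
    {"username": "alice", "last_login": "2022-03-01", "groups": ["Domain Admins"], "mfa": True, "enabled": True},
    {"username": "bob", "last_login": "2021-10-15", "groups": ["Users"], "mfa": False, "enabled": True},
    {"username": "svc-backup", "last_login": "2022-02-27", "groups": ["sudo"], "mfa": False, "enabled": True},
    {"username": "contractor7", "last_login": None, "groups": ["Users"], "mfa": False, "enabled": True},
    {"username": "old-admin", "last_login": "2020-06-30", "groups": ["Enterprise Admins"], "mfa": True, "enabled": False},
]


def audit_accounts(users, today, privileged_groups=PRIVILEGED_GROUPS, stale_after=STALE_AFTER):
    """Return {finding: sorted usernames}; today may be a date or an ISO date string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = {
        "stale": [],                    # enabled but unused within stale_after: remove or disable
        "never_logged_in": [],          # provisioned but never used: likely unrecognised or orphaned
        "privileged_no_mfa": [],        # administrative access without a second factor
        "disabled_but_privileged": [],  # disabled accounts should lose privileged group membership too
    }
    for u in users:
        name = u["username"]
        privileged = bool(set(u["groups"]) & privileged_groups)
        last = u["last_login"]
        if last is None:
            findings["never_logged_in"].append(name)
        elif u["enabled"] and today - date.fromisoformat(last) > stale_after:
            findings["stale"].append(name)
        if privileged and u["enabled"] and not u["mfa"]:
            findings["privileged_no_mfa"].append(name)
        if privileged and not u["enabled"]:
            findings["disabled_but_privileged"].append(name)
    return {k: sorted(v) for k, v in findings.items()}


def privileged_accounts(users, privileged_groups=PRIVILEGED_GROUPS):
    """List every account with privileged access, for the manual review the article calls for."""
    return sorted(u["username"] for u in users if set(u["groups"]) & privileged_groups)


if __name__ == "__main__":
    report = audit_accounts(USERS, "2022-03-15")
    print("privileged accounts:", ", ".join(privileged_accounts(USERS)))
    for finding, names in report.items():
        if names:
            print(f"{finding}: {', '.join(names)}")
```

Run it against a real export by replacing USERS with the parsed output of your directory tool; the service account flagged as privileged without MFA is the kind of finding that tends to survive manual reviews, because nobody logs in to it interactively.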
Evaluate your current cybersecurity defences
Your organisation should also evaluate the cybersecurity defences it already has in place, to ensure that security software and systems are up to date and working effectively against potential threats. Make sure your antivirus software is installed, active and receiving updates on all systems. Reviewing your firewall rules will help to minimise opportunities for attack and gives you the chance to remove temporary rules that are still active beyond their intended lifetime, as well as any rule that exposes administrative services to any source. Conducting a penetration test where possible will also allow you to evaluate and verify the effectiveness of your current defences.
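A firewall rule review of the kind described above can be partly automated. The script below is an added example, not code from the original article: it parses a constructed ruleset in iptables-save syntax and flags temporary rules past their expiry, rules that expose administrative ports to any source (the scanning target described in the threat section), and rules that still permit legacy protocols. The "expires=YYYY-MM-DD" comment convention and the port lists are assumptions, not a standard.

```python
"""Review a firewall ruleset for expired temporary rules and exposed admin ports.

Added example, not code from the original article. The ruleset below is a
constructed sample in iptables-save syntax; the "expires=YYYY-MM-DD" comment
convention for temporary rules and the port lists are assumptions, not a
standard, and should be adapted to how your own rules are labelled.
"""
import re
from datetime import date

# Administrative services that should never be reachable from any source (assumption).
ADMIN_PORTS = {22: "ssh", 23: "telnet", 161: "snmp", 3389: "rdp", 5900: "vnc", 5985: "winrm"}
# Legacy or weak protocols that should be retired regardless of source (assumption).
LEGACY_PORTS = {21: "ftp", 23: "telnet", 161: "snmp"}

# Constructed sample ruleset.
RULES = """\
-A INPUT -s 203.0.113.0/24 -p tcp --dport 22 -m comment --comment "temp vendor access expires=2022-02-28" -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp --dport 22 -m comment --comment "temp incident bridge expires=2022-04-30" -j ACCEPT
-A INPUT -p tcp --dport 3389 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp --dport 443 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp --dport 23 -m comment --comment "legacy switch mgmt" -j ACCEPT
-A INPUT -j DROP
"""

_SRC = re.compile(r"(?:^|\s)-s\s+(\S+)")
_DPORT = re.compile(r"--dport\s+(\d+)")
_COMMENT = re.compile(r'--comment\s+"([^"]*)"')
_TARGET = re.compile(r"-j\s+(\w+)")
_EXPIRES = re.compile(r"expires=(\d{4}-\d{2}-\d{2})")


def parse_rule(line):
    """Pull the fields the review needs out of one iptables-save rule line."""
    src = _SRC.search(line)
    dport = _DPORT.search(line)
    comment = _COMMENT.search(line)
    target = _TARGET.search(line)
    expires = _EXPIRES.search(comment.group(1)) if comment else None
    return {
        "raw": line,
        "src": src.group(1) if src else None,  # None means any source
        "dport": int(dport.group(1)) if dport else None,
        "comment": comment.group(1) if comment else "",
        "target": target.group(1) if target else None,
        "expires": date.fromisoformat(expires.group(1)) if expires else None,
    }


def review_rules(text, today):
    """Return {finding: [rule dicts]} for ACCEPT rules that need attention."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = {"expired_temp": [], "admin_port_any_source": [], "legacy_protocol": []}
    for line in text.splitlines():
        if not line.startswith("-A"):
            continue
        rule = parse_rule(line)
        if rule["target"] != "ACCEPT":
            continue  # only permissive rules widen the attack surface
        if rule["expires"] is not None and rule["expires"] < today:
            findings["expired_temp"].append(rule)
        if rule["dport"] in ADMIN_PORTS and rule["src"] is None:
            findings["admin_port_any_source"].append(rule)
        if rule["dport"] in LEGACY_PORTS:
            findings["legacy_protocol"].append(rule)
    return findings


if __name__ == "__main__":
    for finding, rules in review_rules(RULES, date.today()).items():
        for rule in rules:
            print(f"{finding}: {rule['raw']}")
```

Feed it the output of `iptables-save` on a Linux host; on other firewalls the same three questions apply, even if the parsing differs. Labelling temporary rules with an expiry date at the time they are added is what makes the first check possible at all.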
If your organisation is looking to improve its security posture with a more robust defence system, discover Brightsolid’s Managed Detection and Response.
Make sure your infrastructure is backed up
Your backup systems are vital to enabling your organisation to continue to function in the event of a successful cyber attack. If your primary data becomes corrupted or inaccessible, you need to know that your infrastructure has been backed up successfully and securely.
First confirm that your backups are running correctly, and second that you have an offline copy that an attacker with access to your network cannot reach to encrypt or delete. Check that the copy is also recent enough to be useful if data or system configuration is lost. Another practical action is to perform test restorations, so that the process is understood and familiar before you need it for real.
Tip: the NCSC also recommends backing up machine state and critical external credentials, such as private keys and access tokens, in addition to your data.
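The three checks above (the backup ran, it is recent, and it actually restores) are worth automating rather than assuming. The script below is an added example, not code from the original article: it builds a small constructed data directory, backs it up to a tar archive with a SHA-256 manifest, performs a test restore into a scratch directory and compares every restored file against the manifest, then corrupts the archive to show the check failing. The manifest format, the 24-hour freshness threshold and the corruption step in demo() are assumptions made for illustration.

```python
"""Verify that a backup is recent, intact and actually restorable.

Added example, not code from the original article. It builds a small
constructed data directory, backs it up to a gzip-compressed tar with a
SHA-256 manifest, then does a test restore into a scratch directory and
compares every restored file against the manifest. The manifest format,
the 24-hour freshness threshold and the demo() corruption step are
assumptions made for illustration.
"""
import hashlib
import json
import tarfile
import tempfile
import time
import zlib
from pathlib import Path


def sha256_file(path):
    """Stream-hash a file so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, backup_path):
    """Archive src_dir into backup_path and write a manifest of relative path -> sha256."""
    src_dir = Path(src_dir)
    manifest = {}
    with tarfile.open(backup_path, "w:gz") as tar:
        for p in sorted(src_dir.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src_dir).as_posix()
                manifest[rel] = sha256_file(p)
                tar.add(p, arcname=rel)
    Path(f"{backup_path}.manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def _extract(tar, dest):
    """Prefer the 'data' extraction filter (Python 3.12+, also in recent 3.8-3.11
    patch releases) so a crafted archive cannot write outside dest."""
    try:
        tar.extractall(dest, filter="data")
    except TypeError:  # older interpreter without the filter argument
        tar.extractall(dest)


def verify_backup(backup_path, max_age_seconds=86400, now=None):
    """Return a report; 'ok' is True only if the backup is recent, readable and restores intact."""
    now = time.time() if now is None else now
    report = {"exists": False, "recent": False, "restorable": False,
              "missing": [], "mismatched": [], "ok": False}
    backup_path = Path(backup_path)
    manifest_path = Path(f"{backup_path}.manifest.json")
    if not (backup_path.exists() and manifest_path.exists()):
        return report
    report["exists"] = True
    report["recent"] = (now - backup_path.stat().st_mtime) <= max_age_seconds
    manifest = json.loads(manifest_path.read_text())
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(backup_path, "r:gz") as tar:
                _extract(tar, scratch)  # the test restore
        except (tarfile.TarError, OSError, EOFError, zlib.error):
            return report  # archive unreadable: not restorable
        report["restorable"] = True
        for rel, digest in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                report["missing"].append(rel)
            elif sha256_file(restored) != digest:
                report["mismatched"].append(rel)
    report["ok"] = (report["recent"] and report["restorable"]
                    and not report["missing"] and not report["mismatched"])
    return report


def demo():
    """Back up a constructed directory, verify it, then corrupt the archive and verify again."""
    with tempfile.TemporaryDirectory() as work:
        data = Path(work) / "data"
        (data / "config").mkdir(parents=True)
        (data / "config" / "app.yaml").write_text("listen: 0.0.0.0:8443\n")  # constructed sample
        (data / "users.db").write_bytes(bytes(range(256)) * 64)              # constructed sample
        archive = Path(work) / "nightly.tar.gz"
        make_backup(data, archive)
        good = verify_backup(archive)

        # Simulate media corruption: overwrite bytes in the middle of the archive.
        raw = bytearray(archive.read_bytes())
        mid = len(raw) // 2
        raw[mid:mid + 16] = b"\x00" * 16
        archive.write_bytes(raw)
        bad = verify_backup(archive)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("intact backup ok:", good["ok"])
    print("corrupted backup ok:", bad["ok"], "(restorable:", bad["restorable"], ")")
```

The point of restoring into a scratch directory and re-hashing is that a backup job reporting "success" proves only that it wrote something, not that what it wrote can be read back. The offline-copy requirement cannot be checked by a script on the network; it is satisfied by keeping a copy on media or storage that the attacker's credentials cannot reach.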
Evaluate your incident response plan
In the worst-case scenario your organisation should be prepared with an incident response plan that ensures active threats and attacks are identified, escalated and mitigated as effectively and efficiently as possible. Even if your business systems become inaccessible, you need to know that your response plan and lines of communication will still be available, so keep copies somewhere that does not depend on the systems under attack.
It should also be clear who has the authority to approve key decisions, such as taking systems offline, and if you don't have a 24/7 SOC you will need to evaluate your plan for escalation and response outside working hours.
Areas to evaluate:
- Escalation routes – what do they look like?
- Contact details – are they available and up to date?
- Communication mechanisms – what are they?
Additional cybersecurity steps
These five actions are among the fundamentals of cybersecurity, and at this time they should be revisited to maintain resilience against the heightened risk of cyber threats. If applicable, your organisation might also want to consider accelerating any cybersecurity development plans, putting in place contingency for additional security resources (e.g., extended operating hours), and assessing where you might accept slight impacts to service and functionality in order to minimise your exposure to threat.
For further information and guidance on the current state of heightened cyber threat, you can visit the NCSC website.