What can your business do to protect against the escalating cyber threats linked to the Ukraine situation?
Modern warfare isn’t just fought on the ground. Devastating attacks are being launched in the cyber world to cause disruption and confusion. Just look at the impact of the recent Colonial Pipeline attack or the breach of the NHS computer systems in 2017.
After having something of a track record for launching cyber-attacks as part of their military defence, the Russian government’s current conflict with Ukraine caused the National Cyber Security Centre (NCSC) to update its guidance and urge UK businesses to increase their protection.
Read on to discover the steps you can take to protect your business against the risk of escalating cyber threats linked to the situation in the Ukraine and why safeguarding your place in cyberspace now is more important than ever.
What’s the current threat to UK businesses?
Whilst no threat has been formally identified at present within the UK, the current cyber activity in Ukraine and the surrounding territories is similar to those experienced just before the NotPetya and Georgia cyber-attacks, both of which have been attributed to the Russian Government.
It’s suspected that a large scale, disruptive cyber-attack is coming as the Russian government continues its campaign against Ukraine. As in previous breaches, the impact of a domestic attack could have far reaching consequences, with the international community (including businesses in the UK) adversely affected.
The cyber-attacks used by Russia in the past have been hostile and destabilising. As well as using breaches to undermine governments and sovereignty, they have the power to disrupt organisations across Europe and the rest of the world causing great economic loss.
How can I protect my business as things escalate?
There are several steps you can take to safeguard your business online as the situation escalates in Ukraine. As with any cyber security solution, identifying threats and formulating an effective incident response plan which contains actionable steps to alleviate or even eliminate them is the key to bolstering your defences.
Using the ISO 27001 framework as your standard for managing information security risk is highly recommended, particularly in light of the current situation.
By calling on experienced ISO 27001 consultants, you can ensure compliance, best practice and improve the security of all your assets, including your financial information, intellectual property, employee details, and third party data. This will provide vital assurances for your entire organisation, and promote resilience and protection whatever the events in the Ukraine bring.
What additional steps can I take to minimise the risk of cyber threats?
Simple but effective cyber security basics like patching shouldn’t be overlooked. By patching your systems and third party applications you can keep abreast of the vulnerabilities that could result in cyber security issues later down the line.
Ensuring that all your cybersecurity defences, including your antivirus software and firewalls, are up to date is integral to protection online. Backups should be reviewed and test restorations completed to deliver ultimate peace of mind should the worst happen.
Improving the strength of access controls across your organisation is another must. Make sure staff are clued up on password guidance, and aren’t using weak passwords or sharing passwords across your business systems and their non-business networks. Passwords should be unique and multi-factor authentication (MFA) enabled where possible.
Briefing and training staff to ensure your company’s phishing response is up to scratch will help to appropriately defend against phishing attacks, minimise disruption to business operations and enhance the overall resilient of your organisation.
Your employees have a vital part to play in your defence against cyber security breaches. As a result, employees across all areas of your business should be briefed to understand the current situation and the heightened risk.