The UK’s National Cyber Security Centre has published urgent guidance to organisations in light of the activities undertaken by the Russian military’s Cyber Warfare teams. Businesses and organisations need to bolster their cyber defences in response to the geopolitical instability in and around Ukraine.
Organisations should review and update their cyber security measures after the recent reports of malicious cyber incidents that fit with previous Russian behaviour patterns, including the damaging NotPetya incident in 2017. The NCSC is investigating those reports, similar to the cyberattacks allegedly conducted by the Russian military’s GRU unit against Georgia in October 2019. The UK Government has publicly attributed responsibility for these attacks to the Russian Government.
The UK’s NCSC said it is not aware of any current specific threats to UK organisations concerning events in and around Ukraine; however, they have issued the following recommendations for businesses:
- patching all IT systems, including firmware of hardware and IoT devices;
- reviewing access controls and making improvements where necessary;
- enabling multi-factor authentication;
- implement an effective incident response plan or engage with a partner to assist in creating one;
- review backups and test that restores work; and
- check online defences are working.
Paul Chichester, NCSC director of operations, said: “Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”
Hedgehog offers Penetration Testing services along with Cyber Security Health Checks that can help in reviewing your Cyber Security footing. For more information on our Cyber Security Health Check, please visit our page