Recent geopolitical instability, and the UK’s response to the Ukrainian conflict, have increased the frequency and scale of cyber-attacks and cyber-related crime targeted at Western Europe. The UK National Cyber Security Centre (NCSC) has published relevant guidance on how to scale cyber security controls to ensure that your risk appetite and security posture match the increased risks posed.
- Software and firmware patch management: Ensure that your patch and firmware management processes are up to date and that all critical patches are being deployed to your entire infrastructure in a timely manner.
- Access Controls: Review all of your Administrator accounts for your network and service applications and disable or delete any that are not required. Administrator accounts are those that have enhanced privileges and are key targets for hackers.
- Understand and individualise risks: Senior management and risk owners need to ensure that cyber risk is understood at all levels and that risks are granular, rather than a nebulous single ‘cyber risk’ on a register. This should include considering current risks of phishing, malware and ransomware, resilience, and incident responsiveness.
- Provide heightened awareness for staff and leadership: Ensure that staff recognise the heightened threat and are provided with awareness materials regarding common types of cyber-attack. Communicate best practices to counter threats such as phishing / ransomware, and first response processes to follow.
- Test current plans: Cyber incident response plans must be in place and tested to ensure they operate as expected. This can be via a table-top exercise if a simulated attack is not viable for the organisation.
- Robust offline data and system backups: Backups must be implemented and kept offline from core systems. In addition, scheduled backup test restores are needed to ensure that they are viable. Tapes and cloud backups are the most common ways to do this.
- Get assurance that defences are robust: Ensure that defences have been assessed with vulnerability scanning or penetration testing. This should be performed across the most vulnerable and targeted aspects of your organisation. Also consider cloud systems, remote access systems, third-party connections, main internal network gateways and any internet-facing services as the highest-value targets for disruption.