NCSC Updates Guidance in response to recent events in Ukraine
The National Cyber Security Centre (NCSC), which is part of GCHQ, has updated its guidance. UK organisations are being urged to bolster their cyber security resilience in response to recent malicious cyber incidents in and around Ukraine.
These incidents have a similar to previous attacks, including the destructive NotPetya attack in 2017 and cyber attacks against Georgia. The UK Government has previously attributed responsibility for both these attacks to the Russian Government.
While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, the guidance encourages organisations to follow actionable steps that reduce the risk of falling victim to an attack; including:
- ensuring your systems are updated with the latest ‘patch’ updates
- effectively controlling system access and enabling multi-factor authentication
- implementing an effective incident response plan
- checking that backups and restore mechanisms are working
- ensuring that online defences are working as expected
- keeping up to date with the latest threat and mitigation information.
The NCSC has also advised organisations to report all cyber attack to their incident team.
Pete Rucinski, Assure Technical’s MD says “it is more important than ever for organisations, whether big or small, to take cyber security seriously. Cyber attacks are more more prevalent than ever and can result in significant financial, operational and reputational damage. It has to be a key agenda item at board level if organisations are going to protect themselves effectively.”
Worryingly, an Ipsos MORI survey of more than 1,200 UK businesses and 500 charities, conducted on behalf of the government in 2021, found that:
- just 23% of businesses had used information or guidance from the NCSC to inform their approach to cybersecurity over the previous 12 months.
- only 19% of businesses said they had adopted government-backed cybersecurity standards under the Cyber Essentials scheme.
- 60% of businesses said they had not formally assessed or managed the potential cyber risks in their supply chains within the 12 months prior to being surveyed,
- 51% of businesses have written policies for managing cybersecurity incidents.
Are you concerned about your cyber resilience?
Don’t worry. There are a number of straightforward steps you can take to bolster your cyber resilience:
Developed by the NCSC, Cyber Essentials sets the baseline standard for cyber security. Organisations who obtain the standard are able to demonstrate that they have key cyber security controls in place and are protected from 80% of cyber attacks.
Most data leaks are caused by human error. Cyber Awareness training will help prevent your team being exposed by phishing emails, identity fraud and ransomware.
Regular scans of your IT systems are a highly effective way of identifying and addressing vulnerabilities within your IT systems before the become exposed by cyber criminals.
Penetration tests, otherwise known as ‘pentests’ can be a highly effective. The process involves ethical hackers attempting to penetrate your IT infrastructure and/or web applications to see how they would stand up against the latest cyber threats. Again, this allows you to proactively identify and address vulnerabilities.
Here to help
Assure Technical keep cyber security simple. Our objective is to provide expertise with a personal touch – no cut corners, no jargon, no waffle, just straight-talking security solutions.
