On Monday, the world’s largest carmaker Toyota was forced to close all of its factories in Japan for a day due to a suspected targeted hack of one of its key suppliers. Similar attacks have been made against a wave of Western companies including US broadband provider Viasat and chipmaker Nvidia, all seemingly fuelled by the global response to the events in Ukraine. Russian-affiliated events are even disrupting the cyber criminals themselves, with ransomware group Conti suffering its own data leak. Following its vow to support Russia, 60,000 of the group’s internal chat messages have been published online, reportedly by a former pro-Ukrainian member of the gang.
Against this backdrop, the National Cyber Security Centre (NCSC) is calling on UK organisations to bolster their online defences and urging them to follow its guidance, released this January, on actions to take when faced with a heightened cyber threat. Although the NCSC is unaware of any specific threats to UK organisations at the moment, the UK’s public support of Ukraine, together with a historical pattern of cyber attacks on Ukraine producing international consequences, means UK-based organisations may well find themselves impacted by this increased risk.
NCSC heightened cyber threat guidance
The guidance aims to reduce an organisation’s vulnerability to attack and minimise the impact of any successful cyber attack to enable a swift recovery. The actions it outlines, many of which large businesses in particular will already have taken, are intended to provide a base level of cyber-readiness for all types of organisations rather than a widespread overhaul of security systems.
Important steps that the guidance recommends organisations take include:
- checking that all software, firmware, internet-facing services and key systems are patched, and that antivirus software and firewall systems are up-to-date;
- verifying access controls to the organisation’s systems and ensuring that accounts have the correct level of privileged or administrative access;
- reviewing what logging is in place and whether system backups are running correctly;
- ensuring that there are offline copies of backups available;
- checking that the incident response plan is up-to-date and accessible, and that records of the organisation’s internet-facing footprint are accurate; and
- ensuring that the whole organisation understands the heightened cyber threat, including the process to report security incidents and phishing emails.
Organisations and sector regulators using the Cyber Assessment Framework are also recommended to refer to the Framework for more detailed guidance on these steps.
Further steps needed for large organisations
The NCSC has also advised larger organisations to consider taking further steps, such as prioritising cyber security improvements, revisiting risk-based decisions, delaying significant system changes, taking a more aggressive approach to applying software patches at scale and reducing system functionality where it has a greater level of cyber risk.
Clearly, these steps may have a business impact, either because they require a reprioritisation of resources or because they result in reduced or delayed system functionality that is business critical. So, as ever, organisations will need to weigh up the risks, balancing the business impact caused by taking these further steps against the potentially much greater business impact a cyber attack could cause.
Ultimately, although a potential Ukraine-related cyber attack has focussed attention on the steps in the NCSC guidance, it is good practice to deploy them as part of any ongoing cyber-readiness programme, particularly as cyber attacks have, in recent years, become increasingly sophisticated and frequent, independently of the events in Ukraine.