In times of international conflict, it can be easy to overlook the heightened threat that your organisation and users may face from cybersecurity threat actors. Russia is well known as an active threat to other nation states, critical infrastructure and commercial interests. The recent invasion in Ukraine and the response from the West and its allies has led to concerns that the cyberwar will step up pace and be used as a different attack vector to respond to sanctions and economic pressure. Now is the time to take action and consider both external and internal threats.
To date, little additional external threat activity has been reported, but that does not mean there is nothing that can be done to prepare. The National Cyber Security Centre (NCSC) which is part of GCHQ issued guidance on steps to take when the cyber threat is heightened. This suggests 11 actions that organisations can take to assess whether their cyber risk posture has changed and perhaps act more aggressively/accept reduced service levels in order to manage that risk effectively.
As a minimum, organisations should review their existing defences and assess any areas needing priority focus. RTG would recommend prioritising 5 key questions:
Are our existing defences working as expected?
Are patches up to date?
Are users aware of risks from phishing and how to report it?
Do we understand potential vulnerabilities from our supply chain?
Do we have an up to date incident response plan and do we know how to follow it
But the other role of an organisation's security function is to provide reassurance and guidance to people, not just systems. In a world of remote working, understanding threats to individual staff members is also critical.
Do you understand where your workers are currently located?
Do they know how to protect company assets when working remotely?
Do any of your personnel need additional advice or assistance based on an individual risk assessment?
RTG recommend that you liaise with the HR team to co-ordinate any communications or advice to staff - these communications should remind personnel of additional support services that your organisation offers (such as counselling or other wellbeing support). Our other top tip, is over-communicate rather than under-communicate. Provide managers and senior leadership with lines to take and common questions (FAQs) for staff meetings, blogs and emails. Create posters that can be put on staff notice boards and can also be distributed via electronic communication.
And don't forget that this crisis affects everyone - there may be strong views about the rights and wrongs, but all members of staff must be treated equally and respectfully - your risk assessment and response should include all personnel regardless of nationality or location. Staff wellbeing may not be a natural consideration of cyber security personnel, but consider the context of insider threat and the value of risk assessing and taking care of your staff becomes more apparent.
If you are concerned about your organsational readiness, take a look at the NCSC pages or give us a call. We offer a free one-hour consultation that you can use to finish a threat assessment, review your risks and defences, or simply discuss approaches you can take during these tumultuous times.
If you'd like to support more directly, take a look at the DEC donation page - they provide food, water, shelter and medical assistance to those who are directly affected both in Ukraine and in neighbouring countries.