Cybersecurity: 11 steps to take as threat levels increase
Author
Publisher
Date Published

The UK’s security agency has told organizations of the steps to take to beef up their defenses “when the cyber threat is heightened” by zero-day software flaws or geopolitical tensions. 

The National Cyber Security Centre (NCSC) is not alone in warning companies to take action. Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) also warned all organizations to take “near, urgent steps” to mitigate critical cyber threats in response to last week’s cyberattacks on Ukraine government websites and IT systems. This advice comes amid growing fears of a Russian invasion of Ukraine.

CISA raised the alarm after Microsoft discovered wiper malware, dubbed “WhisperGate”, on several Ukraine systems. CISA reminded US businesses of NotPetya, the wiper malware that targeted Ukraine organizations in 2017 via a tainted update to a popular accounting software package, but that also infected worldwide IT networks of US and European businesses. The attack cost European and US businesses billions of dollars in the White House’s estimates

Rafe Pilling, senior security researcher at Secureworks’ Counter Threat Unit, reckons US and European organizations could become casualties of WhisperGate in a similar fashion. 

“While it is unlikely that organizations outside of Ukraine will be directly targeted, customers should consider their exposure to collateral damage via service providers or business partners in Ukraine,” said Pilling.

“Organizations should be extra vigilant and maintain current backups of business-critical systems and data, exercise restoration processes before they are needed, and ensure that backups cannot be impacted by ransomware-style or wiper malware attacks.”

So what should potentially affected businesses and public agencies in the UK and elsewhere do to mitigate the risk of becoming collateral damage? 

The UK’s NCSC says organizations need to balance cyber risks and defense and notes there “may be times when the cyber threat to an organisation is greater than usual.”  

Triggers for heightened risk include a spike in adversary capability from new zero-day flaws in popular software, or something “more specific to a particular organisation, sector or even country, resulting from hacktivism or geopolitical tensions,” says the NCSC. 

The NCSC’s answer is to control what you can because you can’t control the threat level. And that means patching systems, checking configurations and shielding the network from password attacks. 

“It is rare for an organisation to be able to influence the threat level, so actions usually focus on reducing your vulnerability to attack in the first place and reducing the impact of a successful attack,” NCSC says.

Like CISA, the NCSC has provided a checklist of fundamental cybersecurity actions that are “important under all circumstances but critical during periods of heightened cyber threat.” They’re important to do because organizations probably can’t quickly implement widespread changes when threat levels rise.  

NCSC’s list includes: