On day eight of Russia’s invasion of Ukraine, the risk of kinetic war spilling over into global cyber systems remains high. Here, Peter Lee, worldwide strategic security engineer at Cato Networks, offers practical tips for immediate protection...
Russian cyber threats are proliferating by the day, with threat-actors actively targeting businesses worldwide. We have already seen incidents affecting power grids, pipelines, banks, businesses of all sizes, and even hospitals.
Now, with tensions at breaking point surrounding the Russian invasion of Ukraine, global organisations are being cautioned to bolster their online defences.
But while this is well-meaning advice, where do businesses even start when building a solid protection plan for themselves?
The National Cyber Security Centre (NCSC) has urged UK organisations to “strengthen their cyber resilience in response to the situation in Ukraine.” Here are eight steps organisations can take to prepare for imminent cyber threats, in line with the NCSC’s advice.
Eight ways to prepare for imminent cyber threats
1. Restrict administrative access
The first thing organisations can do is to gain control of their IT administration. This means knowing who is accessing the network to make changes, and from where. Any shadow admins (undocumented or unsanctioned administrator accounts) must be disabled, and all other administrators should use strong multi-factor authentication (MFA) to protect their accounts. Any individual who is not authorised to make changes should be limited to view-only privileges.
2. Evaluate remote and mobile usage
Following the mass transition to remote work, organisations should now be reviewing their mobile and remote user accounts. Any inactive accounts should be deleted, and manually created mobile user accounts should be checked for unexpected users. Any configuration settings that seem abnormal or irrelevant should be removed.
3. Regulate network access
Access should be restricted to:
- The right people (such as employees and contractors)
- Devices that comply with security standards
- Operational regions
- Working hours
- Only necessary/known applications and data
4. Apply firewalls
Once access is restricted to the necessary people and devices, it’s vital to implement Next-Generation Firewalls (NGFW). These inspect traffic to and from the internet, the cloud and resources in the data centre.
Additionally, existing firewall rules should be reviewed for suitability and, if possible, organisations should engage professional services for a comprehensive firewall review.
5. Log everything
All network traffic should be monitored and logged so that forensics can be performed on both real-time and historical data. If using cloud providers, it’s vital to check whether they offer the necessary logging capabilities.
6. Inspect traffic
This includes encrypted traffic: while encryption protects sensitive data from threat-actors, attackers can also use it to hide among the noise and evade detection. All encrypted traffic should be monitored for malicious activity, with particular attention to any unexpected use of encryption across the network.
7. Enable threat protections (such as IPS and anti-malware)
Even small to mid-size organisations are at risk of being targeted by ransomware gangs or other financially motivated cyber criminals. As such, all organisations should implement enhanced threat protection services to spot attacks in networks or files. There should be particular emphasis on next-generation anti-malware to prevent zero-day attacks.
8. Implement 24/7 security
Most attacks occur when it is most inconvenient for an organisation – in other words, when they have their guard down. This is why it is vital to implement 24-hour protection to detect and respond to any threats outside of normal working hours.
Cultivate a rock-solid security posture
Further suggestions from the NCSC include device patching, log retention, and configuration backups. With the current heightened risk of attack, organisations must ensure they have a rock-solid cybersecurity posture in order to survive any potential breach and avoid disruption and further damage.