National Cyber Security Centre (NCSC) urges UK organisations to bolster their online defences following Russia’s invasion of Ukraine
The NCSC – which is a part of Government Communications Headquarters (GCHQ) – has urged organisations to action the following guidance.
Steps to take when cyber threat level is heightened
- Security patching – Check that your systems and endpoints are all patched, including third-party software such as browsers and office productivity suites.
- Verify access – Ask staff to ensure their passwords are unique to your business systems, that multi-factor authentication (MFA) is enabled, and that administrative privileged access, or other rights, is carefully managed, again using MFA.
- Ensure defences are working – Check that antivirus or EDR software is installed on all active systems, is up to date and is functioning correctly. For firewalls and other perimeter security devices, specifically check that no temporary rules have been left in place beyond their expected lifetime and that the devices are configured to provide just enough access only.
- Logging and monitoring – Understand what logging you have in place, where logs are stored, and how long logs are retained for. Monitor key logs at a minimum and monitor antivirus logs.
- Review your backups – Confirm that your backups are running correctly and perform test restorations so that the process is familiar. Check that there is an offline copy of your backup and that it is recent enough to be useful if an attack results in loss of data or system configuration. Ensure machine state and private keys are also accessible.
- Incident plan – Check that your incident response plan is up to date and confirm that escalation routes and contact details are current. Ensure that the incident plan is clear about who has the authority to make key decisions, especially out of normal office hours. Ensure your incident response plan and communication mechanisms will be available.
- Check your internet footprint – Check that records of your external internet-facing footprint, including IP and DNS information, are correct, up to date and held securely. Perform an external vulnerability scan of your whole internet footprint and check that any systems that require patching have been actioned.
- Phishing response – Ensure that staff know how to report phishing emails and that a process is in place to deal with reported incidents.
- Third party access – If third party organisations have access to your IT networks or estate, make sure you have a comprehensive understanding of what level of privilege is extended into your systems and to whom. Remove any access that is no longer required.
- Brief your wider organisation – Ensure other teams understand the heightened threat.
If your organisation has deprioritised these areas of the basic Cyber Assessment Framework, you are advised to revisit those decisions immediately when the threat is heightened.
Solace Cyber have had many years of experience protecting clients throughout Cyber Risk escalation periods. The NCSC does not make these recommendations lightly and we have seen previous advisories come to fruition with Covid and ransomware.
Solace Cyber Advice
- It is recommended to follow NCSC guidance. If you are unsure of your current security posture, Solace Cyber can perform an independent assessment for you.
- We can give your organisation a mature incident response plan that can be live within 24 hours.
- There is a specialised emergency threat prevention package that can be taken on a 6-month contract during this period of heightened risk and uncertainty.
Emergency Threat Prevention Package