With the ongoing situation in the Ukraine, now more than ever we must be cyber aware and resilient and contribute to our national security.
Governments, defence and security experts have warned for weeks that Britain, the US and the EU should brace for a wave of crippling cyber attacks. In the UK the Home Office, GCHQ and the National Cyber Security Centre have all issued warnings and guidance to businesses to “bolster their online defences.” Furthermore, in an announcement on 21 March the US President Joe Biden warned the United States of the risks posed by cyber-attacks and that they would be “consequential” and were “one of the tools [Putin] is most likely to use.” He urged business leaders to strengthen their companies’ defence systems immediately as a cyber war was “coming.”
But why would a war between Russia and Ukraine result in cyber-attacks on the UK, US & EU? From a strategic perspective, there is a significant risk that Russia will continue to create instability in the “West” and specifically the UK to distract focus and attention away from the situation in Ukraine and onto closer, acute problems at home. Today this is easier to achieve virtually by means of cyber-attacks.
To achieve instability and distraction, we may find cyber-attacks targeting services upon which we rely heavily on a day-to-day basis – health, banking, utilities, water, transport infrastructure and supply chains etc. Critical National Infrastructure should be relatively hardened to attacks, and they will, more than ever, be at a heightened state of vigilance. The cyber attackers know this and thus will be looking to find less obvious routes to target critical infrastructure potentially through businesses that are suppliers to the critical infrastructure and easier to hack. No business will want the association or ignominy of being the weakest link.
Businesses should make themselves as hard to hack as possible at all times, but more so now than ever. A security programme cannot be established overnight, but the best time to start is today.
CSS Platinum can help. In the interim, heightened vigilance and discipline is critical to defending against a cyber-attack.
At minimum, business and individuals should consider the following:
• Communicate with your staff and families so they understand the risk and practice increased vigilance.
• Resetting passwords in case they may have already been breached in historic breaches and are enabling cyber-criminal access to your web portals and email accounts – this is the single greatest defence tool and should not be overlooked.
• Think twice before opening or clicking links in any suspicious, or even non-suspicious emails.
• Implementing Multi-Factor Authentication wherever possible.
• Ensuring that software upgrades and patches are up to date.
• Dusting off, reviewing and rehearsing incident response plans – so you know how to respond swiftly to any attack and can minimise their potential scope and scale.
• Ensuring that all critical information is backed up, off-network in case of a ransomware attack.
Cyber security and resilience is now and forevermore a life skill and one that everyone should take some time to learn. As the adage goes, prevention is always better than cure. Act now, rather than experiencing regret later.”
Be Disciplined, Be Hard to Hack, Be Safe.
Michael Wills, co-founder and chief data officer for CSS Platinum.