Our response to the geopolitical cyber threat

As the tragic events in Ukraine unfold, their impact is being felt across the globe. The crisis will affect the already turbulent cyber threat landscape. The UK’s middle market needs to act now to protect itself from what could be coming.

Why is this such a dangerous threat? 

Cyber criminals prey on the vulnerable during times of disruption, as we saw during the coronavirus pandemic. As the world, once again, enters into a period of considerable unrest and economic uncertainty, it is a perfect storm for increased cyber-attacks. Organisations will have to stay up to date with the complex regulatory and cyber-threat environment they operate in. 

The UK National Cyber Security Centre (NCSC) has confirmed it is not aware of any specific threats to UK organisations. However, it has confirmed that there was a Distributed Denial of Service (DDOS) attack by Russia on a Ukrainian financial services firm in early April 2022.

The decision to remove Russian access to the Society for Worldwide Interbank Financial Telecommunication (SWIFT), the global financial artery that enables the quick and seamless transfer of money across borders, could have a significant impact on UK businesses. Russian cyber-criminal gangs could decide to make UK organisations a high priority target in retaliation for the sanctions against Russia.

What should businesses be doing?

The NCSC has identified a list of typical vulnerabilities that Russian hackers are known to exploit. The list includes DDOS and ransomware attacks. Organisations have been advised by the Computer Sciences Corporation (CSC) to bolster their defences and focus on ensuring that fundamentals are in place.

Here are some of those fundamentals that your business should consider:

• Understanding your exposure by doing a threat and risk assessment. Include the typical vulnerabilities along with any data exchanges with the region, but also consider political exposure based on your investments, customers and stakeholders.
  
  
• Doing a threat and risk assessment of your outsourced functions and third-party providers on any offshored development work performed near Russia or Ukraine.
  
  
• Treating your cyber-incident response preparation as a focus point. Tailor scenarios according to the current threat and risk landscape, and consider key risk areas such as insider threat, supply chain security, ransomware and malicious actors.
  
  
• Developing a more proactive and aggressive approach to patching systems during this period, and delaying any significant system changes that could introduce new vulnerabilities.
  
  
• Considering an extension to the operating hours of your security team or Security Operations Centre (SOC).
  
  
• Getting to know your cyber-insurance policy. These typically contain exclusions applied during times of ‘warfare’ or to ‘acts of God’. Consider the specific implications for your business and identify steps you could take to mitigate any damage.