NCSC Issues Fresh Call To Bolster Online Defences

GCHQ’s National Cyber Security Centre (NCSC) has on Tuesday made a fresh appeal for UK organisations to act now in order to bolster their cyber security resilience.

Last month NCSC warned British organisations to prepare their cyberdefences in light of the worsening geopolitical situation in and around the Ukraine.

But now after Russia has invaded two rebel-held regions in eastern Ukraine late on Monday, NCSC has reiterated its call for organisations to bolster their online defences.

Russian invasion

“While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences,” the agency warned.

“The guidance encourages organisations to follow actionable steps that reduce the risk of falling victim to an attack,” it added.

Its guidance for organisations amid Russia’s further violation of Ukraine’s territorial integrity, is available here.

The guidance encourages organisations to follow actionable steps that reduce the risk of falling victim to an attack.

It comes after the Russian invasion impacted cryptocurrencies and wiped billions of dollars off the value of multiple crypto assets.

Russian President Vladimir Putin for his part insist Russian troops are acting in a “peacekeeping” role in the separatist regions of Donetsk and Luhansk, which Moscow recognised as independent states on Monday.

The fear is that Russia will not stop there, and Western countries have already responded with additional sanctions against Russia and its interests.

Expert take

One security expert said British organisations cannot stop every attack, but they need to ensure they have the appropriate defences in place to protect what can be their most precious commodity – data.

“Whilst you can see tanks rolling across borders an invisible war is also being waged,” noted Dan Davies, CTO at Maintel. “Cyber criminals are now armed to the teeth, with some receiving the backing of rogue states.”

“Consequently, organisations are increasingly outwitted, outgunned, and outflanked by hackers,” said Davies. “However, companies cannot just roll over, they must instead enforce a belt and braces approach to cyber-security.”

“Organisations find themselves at the centre of a cyber war,” said Davies. “More stories are breaking of devastating breaches, exposing more vulnerable data than ever before. No matter what size the company, no one is safe from cyber-attackers without a carefully regimented plan for protection, detection and response.”

“Cyber criminals don’t take holidays, so ensuring data is secure must be a 24/7 job,” said Davies. “It only takes a single vulnerability to enable a breach. Whilst organisations cannot stop every attack, they need to understand how attacks occur and put in place the appropriate defences to protect what is often their most valuable asset, data.”

Previous aggression

Russia of course has invaded Ukraine previously, when it illegally seized and annexed Crimea from Ukraine in 2014.

Amid the tense stand-off, Ukraine last month suffered a massive cyberattack that impacted at least 70 government websites, as well as the US, UK and Swedish embassies.

Then last week Ukraine’s Ministry of Defence suffered from a DDoS attack that prevented users from accessing its website.

Two local banks were also attacked.

The United States and Britain said those attacks were carried out by Russian military hackers, but Russia has rejected the allegations.

Meanwhile Reuters has reported that six European Union countries, namely Lithuania, Netherlands, Poland, Estonia, Romania, Croatia, are sending a team of cybersecurity experts to Ukraine to help it deal with cyber threats.