The National Cyber Security Centre (NCSC) has published guidance for organisations to improve their cyber resilience in response to fears of a heightened threat connected to Russia’s invasion of Ukraine.
It said it is not aware of any current specific threats to UK organisations in relation to the conflict, but there has been a historical pattern of cyber attacks on Ukraine with international consequences.
The guidance has been designed to encourage organisation to follow actionable steps to reduce the risk of falling victim to an attack.
It includes four categories: balancing cyber risk and defence; the factors affecting an organisation’s cyber risk; actions to take; and advanced actions.
Good practice
Recommended actions include steps generally seen as good practice such as checking system patching, verifying access controls, logging and monitoring, reviewing back-ups and checking the organisation’s internet footprint.
Those with more resources available should also take the advanced actions such as looking again at any risk based decisions on technology services and systems, taking an aggressive approach to patching, and considering extended operation hours for a security team.
The guidance adds that while the threat is considered higher large organisations should think about delaying any significant system changes that are not security related.
