At this time of uncertainty, it is vital that British companies improve their cyber resilience
In a world that is so dependent on digital assets, cyber resilience is more important than ever. At the National Cyber Security Centre – a part of GCHQ – our mission is to make the UK the safest place to live and work online, but we can’t do it alone. Now, at a time of heightened cyber threat, we are urging all organisations to follow our advice to improve their resilience.
The UK is closer to the crisis in Ukraine than you might think. While 2,000-odd miles separate us physically, that distance is much shorter in cyber space – and attacks targeting Ukraine’s digital infrastructure could be felt here in Britain. Cyber attacks do not respect geographic boundaries. On a daily basis, businesses in the UK are targeted by ransomware attacks from criminals overseas. And as tensions have risen in Ukraine in recent weeks, we have already seen a number of cyber attacks occurring. On Friday evening, the UK Government judged that the Russian Main Intelligence Directorate (GRU) were involved in last week’s Distributed Denial of Service attacks against the finance sector in Ukraine.
If the situation continues to escalate, we could see cyber attacks that have international consequences, intentional or not. Rising tensions in the region, with the risk of overspill, are why the NCSC has said that the UK’s cyber risk has increased in the past month, although there is no evidence of the UK being specifically targeted.
Ukraine has a long history of being the victim of significant online attacks with international consequences. The so-called “NotPetya” cyberattacks of 2017 were possibly those that have caused the most global disruption since the NCSC was created five and a half years ago.
Malware used by the Russian military to target Ukrainian critical infrastructure spiralled recklessly out of control to affect many other countries, including the UK. Some organisations’ business operations were crippled and IT systems were shut down.
This was far from the only time we have seen Russian attempts to carry out disruptive or destructive cyberattacks. In 2019, a range of Georgian web hosting providers were attacked, defacing websites belonging to the Georgian Government, courts and businesses – the service of several national broadcasters was also interrupted.
And in 2017, the Russian Bad Rabbit ransomware encrypted hard drives and rendered IT inoperable – causing real-world disruption to the Kyiv Metro and Odessa airport. With cyber attacks on the rise in Ukraine at the start of the year, the NCSC published updated guidance on its website setting out exactly what organisations need to be doing with their cyber defences at times of heightened international tension.
On Monday, a number of websites belonging to Ukraine’s armed forces and state banks fell victim to DDoS attacks. These have not affected the UK, but they should be a wake-up call to businesses and organisations to take the threat seriously.
So, what should an organisation in the UK do if a country hundreds of miles away is under cyber attack? Our guidance is set out on our public website – www.ncsc.gov.uk.
This advice sets out steps that can be taken right now, including ensuring systems are patched, backups checked and effective incident response plans implemented. We are committed to helping people carry out this work in a smooth and considered way – while it’s important to act at pace, businesses need to ensure they fully understand the scope of the changes they may make.
The NCSC website also has tools for boards to help them understand the real business risk they are exposed to through their cybersecurity posture. And if you haven’t tried out your incident response plans (or don’t have any yet), our free Exercise in a Box tool can help.
We are also urging organisations to accelerate plans to raise their cyber resilience in the longer term. Threats will persist and now is the time to build greater resilience for the future. We don’t expect small businesses with no IT team to become security experts overnight – the advice we give is proportionate to an organisation’s size.
I’m sure there will be business leaders across the country who think, “It’s too complicated.” Unfortunately, for businesses today, cybersecurity is essential. Given the potential impact
that breaches can have, all businesses must take the threat seriously or risk significant consequences.
But the NCSC is here to help. For weeks, we have been working with key sectors of the economy to help organisations implement vital security improvements. We also want to support a collective response – no company can be resilient in isolation, and we are helping organisations come together to build a whole-of-society approach to cybersecurity.
Naturally, we are focused on ensuring the parts of our economy and society we all rely on are resilient to cybersecurity threats – banks, energy suppliers and so on. Earlier this week, Sir Jeremy Fleming, the director of GCHQ, held talks with the leaders of UK Critical National Infrastructure organisations to urge them to strengthen their cybersecurity posture in light of increasing tensions.
While we’re grateful to the many organisations that have been engaging with us and following our advice to take pre-emptive measures, we know there are others that have yet to do so. We strongly urge them to act now.
Given the potential impact cybersecurity breaches can have, all businesses must take the threat seriously