Heightened cyber risk due to global events
The information below has been issued by the Office of Cyber-Security & Information Assurance in respect of cyber threats arising from an increase in tensions in Russia and the Ukraine.
Recent events surrounding Russia and the Ukraine have been widely reported in the news, even spilling out into other areas in the region.
Some of these events have been classed as ‘cyber’ by the nature of their targets or methods, i.e. websites attacked and railway systems compromised.
During times of increased tension between Russia and neighbouring countries, there is a historical pattern of increased malicious or hostile cyber activity coming from Russia or its allies.
Whilst OCSIA is not aware of any current specific threats to the Isle of Man, UK or any UK organisations in relation to events in and around Ukraine, we would urge businesses to consider following the below actionable steps that reduce the risk of falling victim of an attack, including:
- patching systems;
- improving access controls and enabling multi-factor authentication;
- implementing an effective incident response plan;
- checking that backups and restore mechanisms are working;
- ensuring that online defences are working as expected, and;
- keeping up to date with the latest threat and mitigation information.
The fact that there is no specific threat does not exclude the possibility of indiscriminate or collateral impacts as a result of cyber activity.
Previous examples of such could be cited as the WANNACRY ransomware that impacted the NHS – they were not an intended target. NOT-PETYA was intended for the Ukraine but it impacted global supply chains and logistics.
All staff should be encouraged to be aware of their role in keeping systems safe, including not clicking on suspicious links, reporting suspicious emails and taking care when working remotely.
Secure computer systems are only one part of effective preparation against a cyber-attack. All businesses should consider being prepared in the event of a systems outage to enable the business to operate.
As a minimum, OCSIA would recommend:
Confirm they have an up to date and tested incident response plan or business continuity plan. This should include details of key systems and, where appropriate, manual contingency plans in the event of a systems outage.
- Confirm that escalation routes and contact details are all up to date.
- Ensure that the incident response plan contains clarity on who has the authority to make key decisions, especially out of normal office hours.
- Ensure the incident response plan and the communication mechanisms it uses will be available, even if business systems are not.
If any business requires further advice or support please, in the first instance review the OCSIA website – www.ocsia.im