Security Strategy Consultant Paul McLatchie provides some proactive steps you can take to protect your organisation as cyber security concerns grow.
The global community is currently observing the situation in Ukraine with growing concern. Having spent the past two years pivoting to adjust to the security demands of a remote workforce during an unprecedented world event, we’re now all potentially faced with another significant cyber security challenge. With this in mind, public sector organisations are beginning to consider what additional actions should be undertaken to further enhance their existing security posture.
Following Russia’s invasion of its neighbour, the conversation around the increased threat of cyberattacks has been prominent. There is a lot of conflicting information circulating when it comes to cyber impact, much of which can often be difficult to substantiate.
This has also meant an increase in cyber security vendors promoting their latest security toolsets. So, what’s the next step for organisations?
Given its assets and position, the public sector will likely always be a favoured target for cyberattacks. As easy as this might be to say, Daisy’s advice is to remain calm but vigilant in assessing the increased cyber security threat and to focus on getting the basics right. At the time of writing, the UK’s National Cyber Security Centre (NCSC) is not aware of specific threats to any UK organisation in relation to events in and around Ukraine.
However, there has been a history of cyberattacks on Ukraine with resultant international consequences. This has contributed to a sense of urgency in organisations to recheck the policies, processes and technologies that are in operation. As such, the NCSC urges organisations to “follow actionable steps that reduce the risk of falling victim to an attack.”
To reduce risk, we advise the following steps, which align with and expand upon the NCSC’s guidance. These activities amount to security fundamentals and should form part of a well-rounded cyber security capability:
Identify and patch vulnerabilities
Ensure all security vulnerabilities are patched as soon as possible, particularly those with a Common Vulnerability Scoring System (CVSS) score of High (7.0-8.9) or Critical (9.0+). Ensure this is completed across your whole estate, including network infrastructure, servers, desktops and applications. You should also deploy a vulnerability management platform to identify non-compliant devices that have not yet been patched in order to assist with remediation – this can include unknown devices on the network.
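As an added illustration (not Daisy’s or the NCSC’s own tooling), the Python sketch below applies the CVSS bands quoted above to a constructed scanner export and reconciles it against an asset inventory, so that unpatched High and Critical findings are queued first and scanned hosts missing from the inventory are surfaced as unknown devices. All host names and vulnerability identifiers are made-up placeholders.

```python
"""Patch triage by CVSS band plus unknown-device detection.

Added example: the scan export and inventory are constructed sample data,
and host names / vulnerability ids are placeholders, not real findings.
"""

# Constructed scanner export: one row per (host, vulnerability).
SCAN_FINDINGS = [
    {"host": "web-01", "vuln": "VULN-A", "cvss": 9.8, "patched": False},
    {"host": "web-01", "vuln": "VULN-B", "cvss": 5.3, "patched": False},
    {"host": "db-01", "vuln": "VULN-C", "cvss": 7.0, "patched": False},   # lower edge of High
    {"host": "db-01", "vuln": "VULN-D", "cvss": 8.9, "patched": True},    # already remediated
    {"host": "fw-edge", "vuln": "VULN-E", "cvss": 9.0, "patched": False}, # lower edge of Critical
    {"host": "unknown-7f3a", "vuln": "VULN-F", "cvss": 7.5, "patched": False},  # not in inventory
]

# Constructed asset inventory: only hosts with a known owner appear here.
INVENTORY = [
    {"host": "web-01", "owner": "web team"},
    {"host": "db-01", "owner": "database team"},
    {"host": "fw-edge", "owner": "network team"},
]


def cvss_band(score: float) -> str:
    """Map a CVSS base score to its severity band.

    High (7.0-8.9) and Critical (9.0+) are the bands the guidance above
    singles out; the remaining ranges are the standard CVSS v3 bands.
    """
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"


def triage(findings, inventory):
    """Return (urgent_queue, unknown_hosts).

    urgent_queue: unpatched findings in the High/Critical bands, highest
    score first, each annotated with its band for the remediation ticket.
    unknown_hosts: scanned hosts absent from the inventory; these need an
    owner assigned before anyone can be asked to patch them.
    """
    known_hosts = {asset["host"] for asset in inventory}
    unknown_hosts = sorted({f["host"] for f in findings} - known_hosts)
    urgent = [dict(f, band=cvss_band(f["cvss"]))
              for f in findings if not f["patched"] and f["cvss"] >= 7.0]
    urgent.sort(key=lambda f: (-f["cvss"], f["host"]))
    return urgent, unknown_hosts
```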
Limit phishing exposure
Providing regular security awareness training and reminding IT users of common and current threats will ensure a well-versed workforce that can identify and report phishing attempts. You should also run frequent phishing test campaigns to identify vulnerable individuals who may require additional training and protection. Current email security technologies and configurations should also be assessed to ensure phishing attempts are being actively mitigated. Consider deploying impersonation protection to protect against social engineering attacks via VIP spoofing.
Configuring next-generation firewall technologies such as cloud sandboxing, malware analysis and intrusion prevention systems (IPS) will keep your virtual perimeter secure – both on-site and remotely. You should also be regularly reviewing and responding to IPS alerts and performing frequent tuning of the IPS configuration as required. Make sure that users’ network traffic is web filtered and firewalled – even when they are working from home – with a consistent policy.
Secure access service edge (SASE) capability, combining networking and security controls as a cloud computing service, provides yet another avenue of exploration for organisations looking to enhance security posture. Year-on-year growth of cloud-delivered services means SASE is becoming ever more relevant as time goes on.
Passwords and multi-factor authentication (MFA)
A password-free future is very much the direction of travel in terms of security. In the meantime, adhering to best practice around password management is still extremely relevant.
Follow NCSC guidance regarding passwords. This is regularly changing, so it’s well worth a review even if you’ve already read it. This includes removing complexity requirements and password expiry, preferring instead to enforce a minimum password length. Single sign-on (SSO) is appropriate for many organisations, but where it’s not implemented, end-users often have to deal with a multitude of passwords. Consider providing a password manager for users, as this makes it practical to use complex machine-generated passwords that would otherwise be unmanageable. Use privileged access management (PAM) software to control and delegate access to shared resources wherever possible, using just-in-time access if suitable.
Follow the 3-2-1 rule for backups: hold 3 copies of your data, on 2 different media, with 1 copy off-site. Test these backups regularly to confirm they can be restored. Deploy anti-malware scanning on the backups as they are stored to ensure that malware is not replicated to backups. You should also deploy immutable backups to protect against ransomware.
Things move really quickly in cyber security and so, as simple as it may sound, keeping abreast of changes in the threat landscape is really important. You can do this by signing up to vendor alerts regarding newly-uncovered vulnerabilities which can help you respond to them quickly; vulnerability management software can also help in this regard.
There’s no such thing as too much intel when it comes to staying safe, so following cyber security updates from as many experts in the field as possible can only be a good thing, and is something you can do relatively quickly.
Monitor your infrastructure to identify attempted attacks. This can be done using a security information and event management (SIEM) platform to carry out environmental monitoring and perform AI analysis in order to reduce your security team’s workload and free them up for other tasks.
Take this opportunity to either create or update security incident response plans. These must include what to do in the event of an incident and also who to inform, including the Information Commissioner’s Office (ICO).
Effective incident response is complemented by good business continuity planning, inclusive of a solid disaster recovery process that is subject to scheduled testing.
This may seem like an overwhelming list at first, but Daisy is here to reassure you and offer any assistance you need. These activities reflect real security fundamentals, and so support is readily available to help you further develop organisational cyber security posture in relation to these key considerations. Our dedicated team has a wealth of experience when it comes to keeping public sector environments safe, so please don’t hesitate to give us a call to begin your journey to a more secure future.
You can contact your account manager or one of our agents on 0344 863 3000.