UK businesses warned to strengthen defences as Russia-Ukraine conflict escalates cyber risk
Cyber security is not just a concern for financial institutions; UK businesses should also heed the global threat and seek trustworthy security partners.
Escalating cyber threats impacting organisations globally
It may be hard to comprehend that tensions between countries eighteen hundred miles away could have a devastating impact on business in the UK however, the threat introduced by the conflict between Russia and Ukraine is significant.
The National Cyber Security Centre has issued new guidance stating that it is vital for organisations to stay ahead of the potential threat and have also recently released an article guiding as to what actions an organisation should take when the cyber security threat is heightened as it is currently, this is a recommended read.
The Financial Conduct Authority has issued advice specifically to UK banks to ensure they have adequate cyber defences. The UK are not alone in issuing warnings with US authorities warning organisations of all shapes and sizes to take immediate steps to reduce the risk of a damaging attack.
Ukraine has suffered several significant cyber-attacks in recent years including attacks in the last few weeks targeting mainly government institutions with the defence ministry and two banks being among the most recently reported targets. With this in mind, businesses in the financial industry are taking their cyber security more seriously.
Western governments believe Russian military intelligence to be behind attacks although this is fiercely denied by Russia as one might expect. Malware does not respect boundaries and one fear is that these cyber-attacks could spread beyond Ukraine's borders as was seen in 2017 when the NotPetya malware reached international organisations including many in the UK. The White House released a press statement that described the 2017 attack as "the most destructive and costly cyber-attack in history". The estimated global cost of that attack was between $5 billion and $10 billion.
Other concerns are that Russia could launch a direct cyber-attack on western infrastructure in retaliation to the support that western governments are providing to Ukraine or for sanctions that may be imposed on Russia. There have been several attacks in the past on western utilities with many being attributed to advanced persistent threat groups, such as APT28 (Fancy Bear) which has the UK and Ukraine among their known targets and are believed to be Russian intelligence GRU Unit 26165 or GRU Unit 74455 who are believed to be behind the 2017 NotPetya attack as well as more recent cyber-attacks in Ukraine.
The Russian invasion of Ukraine will certainly lead to strict financial sanctions being imposed. UK Foreign secretary Liz Truss indicated that this could include widening the scope of Russian assets that may be targeted in the UK while Italy's UniCredit has already decided to back out of a potential acquisition in Russia. Other western financial institutions will also be making provisions for any possible sanctions. The potential idea of Russia being expelled from the SWIFT international payment system has also been mooted which would have far-reaching implications.
It is highly likely that with severe sanctions placed on them, Russia will seek to destabilise western economies in retaliation, and it is therefore highly probable that the financial sector will be a prime target. Attacks need not be overly complicated with a simple denial of service (DOS) attack being an extremely effective means of disrupting operations or the perfect smokescreen for more sophisticated attacks.
Cyber security does not always receive the appropriate prioritisation, but organisations must act now using the heightened cyber threat to their advantage to ensure that they bolster their resilience against cyber-attacks.
Financial institutions won't be the only target, UK businesses need to take heed of the global situation and look to credible security partners to bolster their security posture against the cyber-attacks being seen across Europe.
Callum Moore | Cyber Security Business Consultant
A&O IT Group
Take decisive action before it's too late
Whilst each environment may be somewhat unique there are basic steps that will apply to all. These include:
- ensuring software updates including security patches are applied promptly
- endpoint protection is installed on all devices
- secure backups are available with an appropriate retention scheme
- access is granted to systems using the principle of least privilege
- strong passwords are enforced everywhere
- regular security assessments are performed by experienced security consultants
- vulnerabilities being remediated as soon as possible
- provision of cyber-security awareness training to all personnel
Know your data now
In addition to taking recommended steps to prevent a cyber-attack, organisations should prepare for the worst ensuring they fully understand and have documented their environments with an effective incident response plan in place. One element of this will be understanding your data, its sensitivity, and its importance to your business. You can't protect what you don't know. Assessments are performed by experienced security consultants who not only provide you with clear and concise advice, but they are always available to discuss findings and answer any questions you may have long after the assessment has ended.
Take control before someone else does
A&O IT Group is a trusted security partner to organisations globally with more than 20 years of working with the banking and finance sector. We have helped our clients secure banking applications on the web and mobile, performed realistic attack simulations both physically and digitally on bank branches, head office buildings and data centres, performed in-depth assessments of ATMs and provided phishing and other social engineering assessments as well as countless bespoke assessments tailored to the unique requirements of each client. In addition to the technical assessments, we deliver training and awareness sessions targeting specific audiences as we appreciate there is never a one size fits all solution.
We are in no doubt that our clients rest easier knowing that we are in their corner. At the end of each assessment, we provide a comprehensive report detailing any vulnerabilities we have identified and most importantly we provide advice on remediation as well as a risk rating to allow clients to understand their exposure and help prioritise resolution.