“You could take anything from emergency services, health care systems, or other things offline without meaning to. Which both has an immediate impact – you could hurt civilians inside Russia – and it could also inadvertently escalate things if the Russians perceive that as a direct order,” he said.
In January, the NCSC published guidelines on the steps that organisations can take to address “heightened” cyber threats. Although they don’t specifically reference Russia, the timing of their release reflects the uncertainty of the situation.
“The threat an organisation faces may vary over time. At any point, there is a need to strike a balance between the current threat, the measures needed to defend against it, the implications and cost of those defences and the overall risk this presents to the organisation,” the NCSC writes.
“The most important thing for organisations of all sizes is to make sure that the fundamentals of cyber security are in place to protect their devices, networks and systems. The actions below are about ensuring that basic cyber hygiene controls are in place and functioning correctly. This is important under all circumstances but critical during periods of heightened cyber threat.
“An organisation is unlikely to be able to make widespread system changes quickly in response to a change in threat, but organisations should make every effort to implement these actions as a priority.”
The NCSC recommends a variety of measures, such as reviewing your patch management systems, verifying access controls, implementing an incident response plan and evaluating your susceptibility to phishing scams.
Another crucial aspect of data protection, particularly in light of the current situation, is Cloud security.
Why Cloud security is essential
Cloud security is a subset of cyber security that addresses organisations’ ability to secure data, applications and infrastructure that are stored remotely online.
With hybrid working now the norm, many organisations are increasingly reliant on the Cloud to ensure their staff can access the data and services they need wherever they are.
However, the use of the Cloud increases the data protection risks that organisations face. For example, should the Cloud service provider suffer a security incident, your organisation could experience delays in the supply of goods or services.
Moreover, depending on the nature of the incident, your organisation’s data could be compromised.
To protect organisations from these risks, the NCSC (National Cyber Security Centre) created the Cloud Security Principles. They outline 14 recommendations for protecting information stored online.
1. Data in transit protection
User data transiting networks should be adequately protected against tampering and eavesdropping.
2. Asset protection and resilience
User data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure.
3. Separation between users
A malicious or compromised user of the service should not be able to affect the service or data of another.
4. Governance framework
The service provider should have a security governance framework which coordinates and directs its management of the service and information within it. Any technical controls deployed outside of this framework will be fundamentally undermined.
5. Operational security
The service needs to be operated and managed securely in order to impede, detect or prevent attacks. Good operational security should not require complex, bureaucratic, time consuming or expensive processes.
6. Personnel security
Where service provider personnel have access to your data and systems you need a high degree of confidence in their trustworthiness. Thorough screening, supported by adequate training, reduces the likelihood of accidental or malicious compromise by service provider personnel.
7. Secure development
Services should be designed and developed to identify and mitigate threats to their security.
8. Supply chain security
The service provider should ensure that its supply chain satisfactorily supports all of the security principles which the service claims to implement.
9. Secure user management
Your provider should make the tools available for you to securely manage your use of their service.
10. Identity and authentication
All access to service interfaces should be constrained to authenticated and authorised individuals.
11. External interface protection
All external or less trusted interfaces of the service should be identified and appropriately defended.
12. Secure service administration
Systems used for administration of a cloud service will have highly privileged access to that service. Their compromise would have significant impact, including the means to bypass security controls and steal or manipulate large volumes of data.
13. Audit information for users
You should be provided with the audit records needed to monitor access to your service and the data held within it. The type of audit information available to you will have a direct impact on your ability to detect and respond to inappropriate or malicious activity within reasonable timescales.
14. Secure use of the service
The security of Cloud services and the data held within them can be undermined if you use the service poorly. Consequently, you will have certain responsibilities when using the service in order for your data to be adequately protected.
DQM GRC’s audit service ensures that you have appropriate defences to protect yourself from a variety of threats.
Our auditors will review your technical and organisational measures against our proprietary audit framework derived from relevant international standards to assure you that your controls are appropriate.
The audit comes with a detailed report, providing an assurance rating for each area of your business and outlining weaknesses that you must address.
Prioritised recommendations are highlighted to help you develop an action plan, and we can help you implement the necessary measures to instigate that plan.