West on high alert
Such is the unease among western intelligence agencies that US President, Joe Biden has called on private companies and organisations across America to "lock their digital doors". The UK's National Cyber Security Centre (NCSC) has echoed the US president's call, stressing in a recent statement that "in heightened periods of international tension, all organisations should be vigilant to cyber risks, and for several months the NCSC has been advising organisations to bolster their cyber security."
Why we need to act now to prevent cyber-warfare collateral damage
On 27 June 2017, a devastating cyber-attack attributed to Russian state-sponsored hackers shut down much of Ukraine’s infrastructure, including government offices, banks, media outlets, the railway and the postal service. This apparent ransomware attack quickly spread from infected computers in Ukraine to computer systems around the globe, causing widespread disruption and loss of data, which the US government estimated cost ten billion US dollars. This cyber-attack became known as ‘NotPetya’ because it appeared to mimic previous so-called ‘Petya’ ransomware.
Almost seven weeks before this outbreak, the NHS was brought briefly to its knees by another international cyber-attack called WannaCry. As many as 70,000 devices, including laptops, desktops, mobile devices, and other machines, were infected. The reason why so many computers fell prey to WannaCry is because users had failed to update their Microsoft Windows operating systems. Had those affected taken this precaution, the vulnerabilities that Wannacry was designed to exploit would have been neutralised by the security patch Microsoft released before the attack.
Guidance from the UK’s National Cyber Security Centre
Faced with the threat of increased malicious cyber-activity, the NCSC advises every organisation, regardless of its size, to ensure that it has cyber-security installed to protect its computer network and data. It has published guidance on its website, summarised as follows:
- Check your system patching
- Verify access controls, such as passwords
- Ensure defences are working
- Check logging and monitoring processes
- Review backups
- Check your incident plan
- Check your internet footprint
- Ensure staff know how to report phishing emails
- Review third-party access
- Register for the NCSC’s Early Warning service
- Brief your wider organisation so that everyone is aware of the heightened threat situation.
Although it’s unrealistic to expect every organisation to implement extensive cyber-security enhancements quickly, the NCSC is urging businesses to put its recommendations into effect as soon as possible, given the current unpredictable situation.
If you need further assistance or would like more information about cyber-liability insurance, contact Clear's cyber-insurance specialist Stewart Ruffles on 020 7280 3479.