#5MinSecurityRead: War in Ukraine and cybersecurity considerations

News and information from the Advent IM team.

Our latest Five Minute Security Read comes from Senior Security Consultant Ian Warren.

Cyber Threat – Are you ready?

“It is a doctrine of war not to assume the enemy will not come, but rather to rely on one’s readiness to meet him; not to presume that he will not attack, but rather to make one’s self invisible”

So said Sun Tzu, the philosophical Chinese general, in his “The Art of War” from the 5th century BC, and it has never been more appropriate than now, given the insidious events taking place in Ukraine. The war in Ukraine has the attention of the world, which has responded in varying ways to the events unfolding on the internet stage.

Already we’ve seen the news and social media spawning numerous threads from both sides which highlight the attempts to project the truth and tragedy as well as that which dishes the deception, the sleight of hand, or the downright dirty.

Yet, surprisingly, the cyber factor appears to be relatively low given the hostile cyber events experienced by Ukraine not so long ago that went on to affect global business through malware spreading.

The UK’s National Cyber Security Centre (NCSC), the USA’s Cybersecurity & Infrastructure Security Agency (CISA), and other US and Australian agencies are all being vocal about known threats that have surfaced in Ukraine, namely WhisperGate, HermeticWiper, and IsaacWiper. To that end, we at Advent thought it pertinent to suggest businesses look at their Cyber Security and at the steps they should be taking now, if not already in action.

System Patching – Ensure patching of your ICT assets is up to date and any known vulnerabilities are mitigated by other means.

Access Controls – Ensure password management is strong and passwords are unique to your business systems; if using Multifactor Authentication, ensure it’s properly configured. Review existing user accounts and remove any old ones, especially those with privileged or administrative access.

System Defences – Ensure antivirus is installed and functioning and that firewall rules are as expected; specifically, check for any temporary rules that may have been left in place beyond their life expectancy.

Logging and Monitoring – Understand what logging you have in place, where the logs are stored, and for how long. Monitor key logs and antivirus logs; ensure retention is appropriate, for at least one month.

Backups – Are they comprehensive (including private keys and access tokens) and running correctly, and do you have an offline copy for resilience? Perform test backup restorations to ensure the process is understood and the backups work.

Incident Plan – Is your Incident Response Plan up to date, including escalation routes and key people’s details, especially out of hours, and are the plan and the means to communicate available if business systems are not?

Internet Footprint – Check that records of your external, internet-facing footprint are correct and up to date. Think IP addresses and domain names; is your domain registration data secure? An external vulnerability scan is advisable and, again, check the patching.

Phishing Response – Do staff know what to do if they suspect an email, and are your processes for dealing with such emails robust?

3rd Party Access – Check the level of access into your networks, by whom, and the privileges conferred; remove access no longer required. Most importantly, understand the third parties’ security regime.

Staff Awareness – Ensure the whole business understands the potential of the heightened threat; a lack of understanding and awareness of how to recognise threats, and of the prompt actions to take, will result in significant impact to business and reputation.
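The account review described under Access Controls and 3rd Party Access can be run against an export from your directory or identity provider. The script below is an added example, not Advent IM's own tooling; the CSV column names, the sample rows and the 90-day idle threshold are assumptions to adapt to your own systems and policy.

```python
import csv
import io
from datetime import date

# Constructed sample export; column names are hypothetical, not from a real product.
SAMPLE_EXPORT = """username,last_login,privileged,mfa_enabled,third_party
alice,2022-03-01,no,yes,no
old-admin,2021-06-15,yes,no,no
svc-backup,,yes,no,no
vendor-support,2021-11-20,yes,yes,yes
bob,2021-10-01,no,no,no
"""

STALE_AFTER_DAYS = 90  # assumed threshold; align with your joiner/leaver policy


def _yes(row, column):
    return row[column].strip().lower() == "yes"


def review_accounts(export_text, today, stale_after_days=STALE_AFTER_DAYS):
    """Return (username, reasons) pairs for accounts needing review.

    Privileged accounts come first, then accounts with more reasons.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        reasons = []
        last_login = row["last_login"].strip()
        if not last_login:
            reasons.append("never logged in")
        else:
            idle = (today - date.fromisoformat(last_login)).days
            if idle > stale_after_days:
                reasons.append(f"idle {idle} days")
        if _yes(row, "privileged") and not _yes(row, "mfa_enabled"):
            reasons.append("privileged without MFA")
        # A flagged third-party account also needs its access re-confirmed.
        if _yes(row, "third_party") and reasons:
            reasons.append("third-party access to re-confirm")
        if reasons:
            key = (not _yes(row, "privileged"), -len(reasons), row["username"])
            findings.append((key, row["username"], reasons))
    findings.sort(key=lambda item: item[0])
    return [(name, reasons) for _, name, reasons in findings]


if __name__ == "__main__":
    for name, reasons in review_accounts(SAMPLE_EXPORT, date(2022, 3, 10)):
        print(f"{name}: {', '.join(reasons)}")
```

Accounts that have never logged in are reported rather than skipped, since an unused privileged or service account is exactly the kind of old account the review is meant to catch.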

Advent IM Ltd would like to think we’re all ahead of the game, but the next worst thing is a hostile state’s next step away and may already be threatening your perimeter; stay alert, stay safe and if in doubt, report it!

 
