The National Cyber Security Centre (NCSC) has published a blog post highlighting ways of tackling different cybersecurity threats that have appeared during the current global unrest.
It focuses on the use of Russian technology products and services following the invasion of Ukraine. According to its author, NCSC’s Technical Director Ian Levy, this remains a delicate balancing act of measuring the different risks.
Following the crisis in Ukraine there have been increasing cases of cyber attacks, not just on the Ukranian infrastructure but farther afield. Russia has already taken action against UK interests, including an attempt to compromise SolarWinds Orion software and also targeting UK telecoms networks.
The NCSC has previously issued advice and guidance on monitoring these cyber threats. In particular, it homes in on understanding the risks behind using ‘cloud-enabled products' where products and services originate from hostile states, such as Russia.
Related: Best password managers.
Keep software up to date
Keeping on top of cyber threats involves practicing basic common sense procedures, which includes keeping software up to date and monitoring for poor network configuration management, as well as keeping tabs on poor credential management.
However, Levy’s post maintains that while the NCSC still think this advice is correct, given the conflict in Ukraine, the context has changed considerably. He writes: Whilst we continue to assess the overall level of technical threat resulting from Russia’s actions, we need to be realistic regarding how Russia may respond.
Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war. We also have hacktivists on each side, further complicating matters, so the overall risk has materially changed.
We have no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests, but the absence of evidence is not evidence of absence.
Therefore, the NCSC is advising that given the situation, certain organisations should consider the risk of Russian-controlled parts of their supply chain as part of their overall business risk management.
These include the likes of public sector organisations that weren't covered by its 2017 guidance, organisations providing services to Ukraine, high-profile organisations, organisations providing services related to critical national infrastructure and organisations or individuals doing work that could be seen as being counter to the Russian State's interests, making them retaliatory targets.
Levy’s blog post also touches on individuals who are using Kaspersky antivirus products. He considers the current threat to UK individuals as reasonably limited and that any software is safe to turn on and use at the moment. However, users should be prepared to switch to a different antivirus product if Kaspersky becomes subject to sanctions.
Indeed, Levy notes that any sanctions would prevent existing Kaspersky antivirus products from being updated, which would effectively render the product useless.
The blog post rounds out with some practical advice though: The best thing to do is to make plans, ensure your systems are as resilient as practical and have good recovery plans. We strongly recommend that enterprises follow our guidance on what to do when the threat is heightened and individuals follow the NCSC's Cyber Aware guidance.
Search for the best data recovery software.