30 March 2022
As the Russia-Ukraine war rages on, increased cybersecurity attacks have become a very real threat around the world. In February, GCHQ’s National Cyber Security Centre (NCSC) urged UK organisations to ‘bolster their online defences’ and warned that there has been a ‘historical pattern of cyber-attacks on Ukraine with international consequences’.
Regardless of company size, your cybersecurity foundations may be challenged even further by the use of cyberattacks in the unfolding geopolitical crisis.
As cybersecurity concerns continue to spill over into daily life, there may not be time to implement new solutions, but now is definitely the time to consider all eventualities and take action to remediate gaps in your security posture.
Here is a list of the things you should consider to protect your organisation:
Incident Plan – review the existing incident plan, and identify which services in your supply chain may be impacted.
Decision Making – ensure the senior leadership team is fully engaged and informed to enable quick decision-making and support.
Defence mechanisms – consider expediting the cadence of patching to minimise the impact of this risk. Microsoft Patch Tuesday was only last week: have these patches been rolled out, and is your attack surface already reducing?
Access Controls – are you maintaining 100% multi-factor authentication across the organisation or, where coverage is incomplete, using User and Entity Behaviour Analytics (UEBA) to check for compromise?
Monitoring – ensure Endpoint Detection and Response (EDR) capability is fully deployed as this provides enhanced visibility into the endpoints and allows for faster response time when needed.
Backups – these are key to restoring your business after a ransomware attack. Even if you are confident in your backup capability, now is a good time to review the firm’s data backup strategy.
Internet footprint – check your DNS records and domain registrar details are up to date and consider an external vulnerability scan of any public-facing services.
Phishing – are your employees receiving regular awareness training? Do they know how to react to and report phishing activity?
Third-Party Access – review the access currently permitted to third-party firms and consider adding further controls where privileged access is required.
Communication – provide regular briefings and comms so that your staff stay vigilant and aware of the heightened possibility of a cyber attack.
As a Specialist Security ServiceNow Partner, we see this as an opportunity to review how ServiceNow modules such as SecOps Incident Response and Vulnerability Management can deliver the real-time management information business leaders can rely on. For responders, there are new integrations with Threat Intelligence products and API Alert Ingestion for SecOps, plus defined Playbooks to assist the Security Analyst. All these capabilities will improve the ability to respond quickly and effectively.
The ServiceNow IRM application provides GRC and Operational Resilience functionality that allows organisations to continue providing business services in the face of adverse operational events, including cyberattacks. The comprehensive monitoring capabilities – risk status, important business services, vulnerabilities, service outage, or degradation – provide an integrated real-time dashboard for your Operational Resilience position. By adding scenarios to perform stress tests, you can measure the actual risk impact on your important services.
A chain is only as strong as its weakest link, so now is the time to tighten your cyber resilience and prevent any attack on your infrastructure. If you need guidance and support on achieving this, please contact one of our experts today.