Cyber

UK organisations urged to boost cyber attack defences amid Ukraine tensions

Updated guidance encourages organisations to reduce the risk of falling victim to a cyber attack by taking "actionable" steps.

British organisations have been warned to bolster their digital defences due to "malicious" cyber incidents in Ukraine.

The National Cyber Security Centre (NCSC) has updated its guidance to UK firms and groups and said it is investigating the recent reports of "malicious cyber incidents in Ukraine".

The NCSC said it had not identified any current threats to the UK, but noted its updated guidance would allow organisations "to build resilience and stay ahead of potential threats".

Cyber attacks are considered by some to be part of the 'grey zone' – acts of aggression involving covert tactics that fall short of military conflict.

Elisabeth Braw, Senior Fellow at the American Enterprise Institute, told Forces News last week the recent combination of different forms of 'grey zone' aggression being used against Ukraine was "quite remarkable".

The National Cyber Security Centre's director of operations, Paul Chichester, said: "The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them.

"While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.

"Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace.

"Last week's incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before," he added.

The updated guidance encourages organisations to reduce the risk of falling victim to a cyber attack by taking "actionable" steps.

These include patching systems, improving access controls and enabling multi-factor authentication, implementing an effective incident response plan, checking backups and restore mechanisms are working, ensuring online defences are working as expected, and keeping up to date with the latest threat and mitigation information.

Those organisations that do fall victim to a cyber attack are asked to report the incident to the NCSC's incident management team.