As the situation in Ukraine escalates, there is a need for increased focus, awareness and preparedness against cyber-related attacks on key Critical National Infrastructure (CNI). This brief insight outlines some of the key steps businesses should take in preparation for such attacks.
What should be the immediate priorities for CNI providers?
Be ready for an attack on your systems or supply chain and the impact it will have on your organisation. CNI is becoming an increasingly popular target for malicious actors due to the devastating impacts downtime and delays can have. This period is the calm before the storm, so CNI-based cybersecurity teams should use this time to:
- ensure their systems are fully patched
- improve access controls and enable multi-factor authentication
- implement incident response plans
- check, double-check, then triple-check that backup and restore mechanisms are functional
- ensure online defences are working as intended
- stay up-to-date with the latest threat and mitigation information.
How can you ensure you are ready for this uplifted threat? What guidance is available?
First, follow the advice from the UK National Cyber Security Centre (NCSC) on the steps to take. This will augment your internal processes and is an excellent first step in your overall plan of action. Secondly, ensure you have the right people available to support you over the coming days, weeks and months.
What should you do if you think you've been compromised?
- Assess and seek advice. Do not be complacent.
- Consult recently refreshed guidance on increasing international cyber threat levels.
- Check your internal cyber resilience and recovery processes.
- Identify your crown jewels (most critical assets and data) and seek to protect and monitor these from both external and insider attacks.
What is the best approach to take to protect your assets and ensure the security of supply?
The actions below ensure basic cyber hygiene controls are in place and functioning correctly. This is important under all circumstances, but critical during extended heightened cyber threats. CNI-based organisations especially should make every effort to prioritise the following actions:
- check your system patching across your OT and IT estate
- verify access controls
- ensure defences are working
- logging and monitoring
- review your backups
- incident plan
- check your internet footprint
- phishing response
- third-party access
- NCSC services
- brief your wider organisation through a communications plan
- ensure availability of key resources or suppliers.
How can we help?
With our unique experience working across CNI industries, Enzen can provide immediate advice and support to help you prepare for such an attack and mitigate the consequences for your business.
To find out more, contact our Head of Cyber Services, Steve O'Sullivan.