Building Cyber Resilience in a heightened alert environment


There has been a lot of talk about cyber weapons and the cyber dimension of global politics since the NotPetya and WannaCry attacks of 2017 and the Stuxnet worm, first discovered in 2010, when it was used to attack the control mechanisms of Iran’s uranium-enriching centrifuges.

Professor Ciaran Martin CB, former CEO of the UK National Cyber Security Centre (NCSC), said there are increasingly realistic scenarios “which cause the US and UK Governments to rightly warn organisations to be on heightened alert. However, these warnings are correctly not phrased in panic mode. UK says explicitly that there is no specific threat.” What is good is that both governments are proactively engaged with organisations to help them enhance their cyber resilience.

Companies all over the world were caught in the NotPetya attack, which caused huge commercial losses. In the article “The Untold Story of NotPetya, how a single piece of code crashed the world”, Wired.com described the NotPetya attack as “the most devastating cyberattack in history”.

A recent warning by the leading global cybersecurity governmental organisations has named new malware “Cyclops Blink”, citing it as an emerging threat of note. The National Cyber Security Centre (NCSC) describes Cyclops Blink as a “highly sophisticated piece of malware” that has been “professionally developed”. It is clear that the threat of malware, and particularly sophisticated malware, remains.

Improving Cyber Resilience with NCSC

The NCSC takes a lead in helping organisations become more resilient at all times, but with the heightened potential for cyber incidents it has issued guidance for organisations to improve their cyber resilience. That guidance is valid for all scenarios, and starts by saying, “The threat an organisation faces may vary over time. At any point, there is a need to strike a balance between the current threat, the measures needed to defend against it, the implications and cost of those defences and the overall risk this presents to the organisation.”

One of the good things about NCSC advice is that it is always impartial, easily understandable, easy to apply, and free. This latest guidance describes its purpose as “When organisations might face a greater threat, and the steps to take to improve security.” It also provides cost-effective guidance, recognising that not every organisation is the same or can afford the same solutions, so it is very much tailored to an organisation’s risk appetite, tolerance, and budget.

CISA Director Jen Easterly said, “We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim.”

What is important is that the cyber risk to an organisation is balanced against the defensive measures taken to mitigate it. Because the threat may vary over time, the balance between risk and defence may also need to vary over time. That is when the NCSC suggests that “moving to heightened alert” can:

  • help prioritise necessary cyber security work
  • offer a temporary boost to defences
  • give organisations the best chance of preventing a cyber-attack when it may be more likely, and recovering quickly if it happens

Like the NCSC, CISA provides clear, free advice. They state that in a heightened threat period, “immediate actions that can be taken now include ensuring timely patching of all operating software; implementing a user training program that includes recognizing and reporting suspicious emails; securing and monitoring remote desktop protocol, if used; and maintaining an offline backup of your data.”

Again, as with the NCSC, the CISA website www.StopRansomware.gov is the U.S. federal government’s one-stop shop for resources on how to protect organisations large and small from becoming a victim of ransomware.

Staying ahead of the threats

Given the rapid advances in technology and what seems to be an ever-expanding threat environment, it is probably sensible for all organisations to always maintain a heightened alert, at least at a level that keeps them one step ahead when potentially exploitable environments such as Web 3 and the Metaverse appear.

The Metaverse is centred on external devices and more IoT, and remains as vulnerable as any other environment; it adds an extra layer of exploitable endpoints where the prizes are crypto wallets, data, and exploitation. Criminals will be expanding their knowledge and preparing for these new nefarious opportunities. Organisations must do the same, as standing still in cyber is, in reality, going in reverse very rapidly.

What is clear is that we are in a very uncertain time where cybersecurity could still play a huge part in what is happening globally. Therefore, preparation to enhance robustness is simply a sensible way to minimise any potential risk and ensure organisational resilience and a sound footing to embrace future technologies.


About the Author: Philip Ingram MBE is a former colonel in British military intelligence and is now a journalist and international commentator on all matters security and cyber.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.




