The government’s National Cyber Security Centre (NCSC) has warned British businesses to bolster their IT security in response to cyber attacks linked to tensions in and around Ukraine.
Although the NCSC – part of GCHQ – stated that it was not aware of any current specific threats to UK organisations, it has updated its guidance online.
According to research published today by commercial insurance specialist NFU Mutual, cyber attacks are a top concern for over a third of the UK’s small businesses (36%). Only IT system failures (55%) and Covid-19 breakouts (51%) were ranked as higher concerns.
The NCSC is investigating recent reports of malicious cyber incidents in Ukraine. It added that incidents of this nature were similar to a pattern of Russian behaviour seen before in previous situations, including the destructive NotPetya attack in 2017 and cyber attacks against Georgia. The UK Government has attributed responsibility for both these attacks to the Russian government.
Steps recommended by the NCSC to reduce the risk of falling victim to an attack include patching systems, improving access controls and enabling multi-factor authentication, implementing an effective incident response plan, checking that back-ups and restore mechanisms are working, ensuring that online defences are working as expected, and keeping up to date with the latest threat and mitigation information.
Paul Chichester, the NCSC’s director of operations, said on Friday: “The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them.
“While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.
“Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”
NFU Mutual has partnered with business continuity specialist Inoni to produce a range of free tools to help make sure small businesses are prepared for attacks. The resources offer support with assessing current business resilience and identifying possible areas for action.
Free downloadable continuity plan templates and a seriehttps://www.nfumutual.co.uk/news-and-stories/how-to-protect-your-business-from-a-cyber-attacks of articles highlighting key risks and mitigating actions are also provided.
Zoe Knight, commercial insurance specialist at NFU Mutual, said: “While the national alert sees concern and guidance geared at larger businesses, smaller businesses should not take this as a cue to disregard potential dangers.
“The ongoing threat of cyber-attack is so prevailing that all businesses need a well-understood cyber strategy to avoid falling victim. We are concerned that many smaller firms, who are less likely to have a response plan in place, are leaving themselves vulnerable.
“Cyber attacks on small businesses can have wide-ranging and wide-reaching impacts. Laptops and PCs may be locked for days, weeks or months, and core business data can be inaccessible, encrypted or erased.
“The result can be the loss of reputation, trust and custom, while the business still incurs the full costs of operating- something which no small business can sustain for long.”