NCSC Issues Updated Guidance for UK Organisations

With cyber-attacks on the rise, and concerns heightened since the recent cyber-attack in Ukraine, the National Cyber Security Centre (NCSC) has issued updated guidance and additional measures that businesses can take when their threat level rises.

Their advice centres on businesses knowing what affects their risk of cyber-attack and how to deal with changing threat levels.

A business faces varying levels of threat over time, so it’s important to keep security measures updated to balance the risk, the measures needed to defend against it, and the implications and cost of those measures. When the threat increases, organisations need to prioritise necessary cyber security work, offer a temporary boost to defences and give themselves the best chance of recovering from an attack.

A business’s cyber security risk can change for many reasons. There could be a temporary uplift in adversary capability, such as a widely used service being actively exploited, or the change can be more specific to a particular organisation, sector or country. An individual organisation can’t influence the threat level, so it’s vital for all organisations to be prepared to respond to changing threat levels.

The most important action is to ensure that your company’s cyber security fundamentals are in place so that all devices, networks and systems are protected. Focusing on reducing your vulnerability to attack is the first line of defence and should be taken seriously.

The NCSC guidance recommends all businesses do the following:

Check your system patching

Ensure all devices, third-party software, firmware, internet-facing services and key business systems are patched, and turn on automatic updates if possible. Where there are unpatched vulnerabilities, ensure that other mitigations are in place.

Verify access controls

Ask staff to ensure that all passwords are strong and unique to your business and not shared across non-business accounts. Remove all old or unused accounts, especially those with administrative access, and ensure that multi-factor authentication is enabled where available.

Ensure defences are working

Ensure antivirus software is installed and up to date across all devices, and that all firewall rules are up to date as well.

Logging and monitoring

Ensure that you fully understand what logging you have in place, where these logs are stored and how long they are retained, ensuring they are kept for at least one month.

Review your backups

Check that your backups are running correctly and perform test restorations regularly. Ensure that you have an offline copy of your recent backup, including critical external credentials.

Incident plan

Make sure you always have an updated incident response plan, with updated escalation routes, contact details, key decision-makers and communication mechanisms. Have an offline version that can be accessed at all times.

Check your internet footprint

Check that all records of your external internet-facing footprint are correct and up to date, including which IP addresses your systems use and which domain names belong to your organisation, and ensure that these are held securely. Regularly perform an external vulnerability scan of your whole internet footprint to double-check for any security holes.

Phishing response

Make sure that all staff know how to spot and report phishing emails and that there is a reporting process in place.

Third-party access

If any third parties have access to your networks, ensure there’s a comprehensive understanding of access rules and remove any access that is no longer required.

Brief your wider organisation

Ensure that all teams understand the heightened risk and how it may affect their teams and workload if things aren’t properly reported.

The NCSC has also recommended that larger organisations consider the following:

  • See if any cybersecurity plans should be accelerated
  • When the risk is heightened, make sure decisions are informed and weigh up whether the risk is worth it
  • Assess whether it is appropriate to accept a temporary reduction in functionality to reduce threat exposure
  • Take a more aggressive approach to patching security vulnerabilities when risk is heightened
  • Delay any significant system changes
  • Make arrangements for extended operational hours or contingency plans for your cyber security team

For more in-depth information on preventing a cyber-attack, sign up for YCSC’s monthly webinar to gain more knowledge and information from the cyber software community.
