Ukraine Crisis - Data and Cybersecurity

Last updated: 12:00pm, 28th February 2022

The ongoing crisis in Ukraine has caused an increased cybersecurity risk to organisations outside that country, including in the UK.

The UK's National Cyber Security Centre (“NCSC”) has issued guidance advising UK businesses to act in the wake of the crisis.  It has advised businesses that they should act on improving their cyber resilience in response to the increased threat of cyber-attacks from Russia. The NCSC is a UK governmental organisation that provides advice and support for the public and private sector in how to avoid computer security threats. Most organisations cannot influence the level of cyber threat risk. So, they should concentrate on reducing their vulnerability to cyber threats instead. The NCSC recommends that UK businesses take the following actionable steps to reduce their exposure to the threat of cyber-attacks:

• Balance Cyber Risk and Defence - UK organisations should strike a balance between the current threat, the measures needed to defend against it, the implications and cost of those defences and the overall risk this presents to the organisation.
• Incident Response Plan. Do you have one? Is it up to date, with clear lines of escalation and contact points? Is it clear on who has authority to make certain decisions?
• Check your system patching. Ensure that user devices, firmware and internet-facing services are patched.
• Verify access controls. Ensure that staff passwords are strong and unique and carefully review old or unused accounts.
• Ensure defences are working. Check your firewalls and ensure that antivirus software is installed.
• Log and monitor. Understand your logging and monitor key logs (especially antivirus logs).
• Review back-ups. Check that back-ups are working properly and that you have offline back-up; also check that machine state and critical external credentials are backed-up.
• Check your internet footprint. Are your organisation's records of your external internet-facing footprint correct and up to date? Perform an external vulnerability scan of your whole internet footprint and check that everything you need to patch has been patched.
• Third party access. If third parties have access to your IT systems, ensure that you understand what privileges they have. Remove access that is no longer needed and understand the security practices of your third parties.

UK organisations should also raise awareness amongst their staff of the heightened threat and its potential implications, training them on how to recognise and report phishing attacks. If you are a large organisation, you should consider further action in addition to the above, including the accelerating measures to limit cyber risk; delaying significant system changes that are not security-focused; and applying software patches aggressively and at scale. Freeths Comment Whilst the NCSC is not currently aware of any specific threats to UK organisations, it notes that there has been a history of cyber-attacks on Ukraine that have had international consequences.  For example, we note from media reports that a “wiper” malware has been discovered in Ukraine that deletes data from infected computers. There is concern that this type of malware could spread to other countries. The ongoing crisis has heightened cybersecurity risk such that UK organisations cannot proceed on a “business as usual” basis. That risk may increase, should the crisis escalate further. UK businesses should therefore benchmark their cyber threat response against the NCSC's guidance and keep an active watching brief as the situation develops.

---

If you would like any further information on anything covered in this article, please do not hesitate to contact Luke Dixon, IT & Data Partner.