BT Ireland’s security proposition manager, Dónal Munnelly, explains how enterprises can prepare for heightened cyber risk situations such as war.
As anyone who knows even a little bit about cybersecurity will tell you, it is always prudent to be aware of online dangers.
But what about during times of heightened risk when the whole world is on high alert? Cybercriminals often exploit geopolitical uncertainty and other major events for their own gain.
The war in Ukraine has led to a wave of cyberattacks on the country, with distributed denial-of-service (DDOS) attacks and a new malware linked to Russian cybercriminals. Late last month, Google also reported that Russian hackers targeted NATO and eastern European militaries, and said that the war in Ukraine was being used as a lure in phishing and malware campaigns.
US president Joe Biden made a recent warning to US companies to be wary of bad actors looking to launch attacks at this time. Businesses were urged to take several steps to ensure their information and that of their customers remained safe, including mandating the use of multifactor authentication, deploying modern security tools, ensuring that systems are patched against known vulnerabilities and backing up and encrypting all data.
SiliconRepublic.com spoke to Dónal Munnelly, security proposition manager at BT Ireland, for an Irish cybersecurity expert’s view on these developments. Munnelly explained that businesses here should seek out the advice of the National Cyber Security Centre (NCSC).
Get familiar with the NCSC guidelines
The NCSC “has published some good advice on steps business can take in order to ensure they have the right level of security posture for their current situation and that their current controls are fit for purpose,” Munnelly said.
“This includes scanning for unpatched systems, hardening your Active Directory set-up and reviewing the Cyber Vitals checklist. Consult your internal security team and also your managed security service provider for additional advice and support.”
Munnelly advised business leaders based in Ireland who are reading the news stories about cyberattacks in Ukraine and elsewhere to be vigilant.
‘Having an understanding of how your organisation could be impacted by any form of conflict is clearly important from an operational resilience perspective’
– DÓNAL MUNNELLY
“Cyberattackers don’t respect borders. Your company may be unwittingly caught up in an attack; the best offence is knowing you have a good defence.
“Having an understanding of how your organisation could be impacted by any form of conflict is clearly important from an operational resilience perspective. As part of this, assessing whether your organisation may face direct activity as a result of either its own activities or its wider business relationships is also important as you build your plans and strategies in response to this situation.”
For leaders looking at where to start, Munnelly said to focus on the basics first.
“During these periods, all organisations should focus on bolstering good security practices and undertaking discovery processes to uncover vulnerabilities or indicators of compromise within their estates and supply chains. A heightened state of awareness has been advised and organisations should encourage their stakeholders to flag anything suspicious or which may deviate from normal activity, be that electronically or physically.
“Threat intelligence from Government agencies, commercial providers and internal threat intelligence teams can also be useful to ascertain the techniques and tools being leveraged currently, or whether there is an increase in activity.”
Educate employees, test and back up
Munnelly pointed out that it is “extremely important” for businesses to ensure that all employees’ information is secure. In many cases, the main target for cybercriminals can be an employee’s login details to their business account. If one employee is compromised “this can open the door to the entire organisation”.
With that in mind, business leaders need to remind employees about the threats they can face. “Ask users to report anomalies and spam and use this data to build up internal campaign and intelligence information. Run phishing simulations to test your organisation’s preparedness to this vector and use the data to focus training, advice and controls as required,” Munnelly said.
He also recommended that businesses keep testing their ability to respond to threats in a variety of situations so they are better prepared to deal with any major security incidents.
“Ensure firewall rules are not overly permissive and that temporary rules are removed – especially on internet-facing and high-value services. Monitor firewall logs and web control activity to identify any anomalous traffic. Use a security incident and event management (SIEM) tool to assist with this processing if possible. Review web control and internet browsing policy to remove or control access to high-risk sites and sites which are not categorised or newly registered.”
Munnelly recommended that businesses should consider alternative communication channels in case their regular methods of communication are compromised or become unavailable following a cyberattack.
“Review the backup strategy and ensure that backups are both running and encompass everything needed to restore a service – not just the data,” he added. “Ensure that there are secured offline stores for critical services.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.