What does the conflict in Ukraine mean for UK cyber security?

As Russia’s invasion of Ukraine continues, concern is mounting that the conflict will unleash a fresh wave of cyber-attacks throughout the world.

The recent discovery in Ukraine of ‘wiper’ malware, a denial-of-service assault which paralyses websites by bombarding them with information requests, has accelerated a rush by businesses to bolster their defences should it spread.

Microsoft has also detected a new malware named ‘FoxBlade’ which has focused on stealing health, insurance and transportation data from Ukrainian essential services.

A threat to the West?

According to Professor Kamal Bechkoum, Head of the School of Computing and Engineering at the University of Gloucestershire, the cyber threat in Ukraine could well be spilling over into Western nations, meaning UK businesses should take urgent action.

He explains: “Earlier this month John Edwards, the UK information commissioner, was asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK.

“Mr Edwards responded, ‘We have picked up on that heightened threat environment and think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.’

“He further added that outside the Ukraine conflict and the warnings it had brought of a heightened security threat, the Information Commissioner’s Office had seen a steady and significant increase in cyber-attacks against UK businesses over the past two years.

“In this era of global threats, we can all be victims,” continues Kamal. “Too many businesses and people are caught out thinking ‘it’s not going to be us, we’re not that important.’ This is precisely when you can become most exposed.

“Cyber threats should be treated as a company-wide responsibility that is part of organisational culture and fully embedded in disaster recovery plans.

“Around 95% of internal breaches are caused by human error. Training and education have to be continuous as digital resilience is a process, not an event, and as such requires continuous vigilance and ongoing risk assessment.

“Business leaders often look to IT for solutions, but it is vital to work across the organisation and act with unified purpose. On average, we create 2.5 quintillion bytes of data – or one billion, billion bytes – every day. It’s clear increasing connectivity is challenging online safety in new and unexpected ways.

“Ideally, a formal approach should be taken to ensure networks, computers, mobile devices and software are all regularly updated, access to sensitive data and passwords is secure, and staff are aware that phishing attacks may increase and are trained to respond appropriately.

“These processes need frequent review, in addition to the adoption of live policies and practices which link to the core of an organisation’s strategy. Plans should include training and simulated scenarios where a company practices being hit by a major online threat.

“These test runs allow senior staff to ask questions such as ‘what would the reaction of our CEO or spokesperson be?’ and ‘How do we communicate a cyber-breach to our stakeholders and the media?’

“The ultimate answer to keeping safe is to take the best precautions possible when it comes to infrastructure and people, and then be prepared to act if things go wrong.”

The University trains employees and executives to deliver overviews of cyber security, the motivations and methods of ‘threat actors,’ details on why an organisation might be targeted, live-hacking demonstrations and improved security behaviour guidance.

Should we be so concerned?

According to Sergio Caltagirone, Vice President of Threat Intelligence at cybersecurity firm Dragos, international politics shouldn’t dictate our approach to cyber defence.

He comments: “Worrying about more attacks or analyzing an international political situation doesn’t change anything about cyber defence. If there are attacks, regardless of who conducts them, they are outside of our control. What is important is that asset owners and operators continue their efforts to secure their environments.

“Businesses can prepare in three simple ways: have as much visibility as possible into their operations environments, reduce vulnerabilities where possible, detect changes and threats, be prepared for eventual disruption with effective remediation and response. Remember security doesn’t end with prevention but continues all the way through response and recovery.

“The good news is that Dragos continues to see improvements in industrial infrastructure adding additional cybersecurity controls and visibility. However, the bad news is that remote access to industrial environments continues to grow rapidly faster than security controls are put into place, adding a gigantic vulnerability into our industrial infrastructure, such as electric power, water, oil and gas, manufacturing, and more.

“Remote access is not going away and continues to drive business requirements, but security considerations must be made to control environments both pre- and post-compromise.”

However, Dr Max Wigley, VP Capability & CTO for Leonardo’s Cyber and Security Division, says the situation in Ukraine is providing cause for cyber concern.

He comments: “It is certainly true that we are currently in a period of increased cyber threat, and the current situation in Ukraine is leading to an increase in malicious cyber activity associated with nation-state and a range of other threat actors globally.

“The National Cyber Security Centre is constantly reviewing and updating guidance on the latest situation for the UK, and recently published a joint advisory note with the US, Australia, Canada and New Zealand Authorities. Ultimately, it is critical that UK businesses adopt a heightened cyber posture as events over the last few years such as WannaCry have shown that even if organisations are not the target of an attack, these attacks can spread rapidly once released, and cause very real damage and disruption.

“As an NCSC-certified Consultancy, we urge businesses to read and adopt the recent advice from the NCSC on what to do when the cyber threat is heightened. In general, businesses should be looking to adopt an approach based on cyber resilience around their key business outcomes. This will help organisations to ensure they have appropriate cyber protection in place, so they can continue to deliver critical business outcomes for their customers even if they are subject to a cyber-attack.”

Wigley also highlights some of the key trends that businesses should be aware of.

“Aside from recent events, the key trend we see is ever-increasing connectivity, in particular in Operational Technology environments, which are controlling how our national infrastructure operates – for example, energy generation and distribution systems.

“This has been ongoing for a while now, but the rise of 5G offers the potential for enormous benefits to organisations in terms of efficiencies. However, it also opens up systems to increased cyber threats and, therefore, implementing a Cyber Resilience approach is critical to enabling businesses to take advantage of these technologies, without exposing themselves to unacceptable cyber risk. The Security industry can and must act as a core enabler to this trend.”