Russian Agents Are Behind Many Recent Attacks

Uploaded on 2018-10-05 in FREE TO VIEW, GOVERNMENT-Defence, GOVERNMENT-National

The UK National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU, which is the Russian military intelligence service. 

These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

Cyber-attacks orchestrated by the GRU have attempted to undermine international sporting institution the World Anti-Doping Agency (WADA), disrupt transport systems in Ukraine, and destabilise democracies and target businesses.

The campaign by the GRU shows that it is working in secret to undermine international law and international institutions.
As Britain has stepped up its cyber-crime offensive against the threat from Russia and terrorist groups with a joint taskforce between the Ministry of Defence and GCHQ.

The unit, which will be made up of some 2,000 recruits from the military and security services industry, is set to quadruple the number of people in offensive cyber-crime roles.

In the commercial world. how do we develop a secure cybersecurity regime?

The potential business revenue from market analysis, rising compliance requirements and security threats must not be ignored. The increasing press coverage of ransomware attacks and fines for non-compliance is driving awareness and urgency. 

Organisations must review the best ways to go about developing sound cyber-security policies and practices in 2019 that could be used for commercial gain as well as internal commercial security. Here are 5 Recommendations

1.Update software and systems
This requires centralised IT policy that adopts a 'push' methodology, forcing new security updates onto a user's device when they connect to the network, instead of a 'pull' methodology, which notifies the user that a new security patch is available and gives them the option to load this new software when it's convenient.  

2. Conduct top-to-bottom Cyber Security Audits
Your company should conduct a thorough cyber security audit of its IT assets and practices. This audit should review the security practices and policies of your central IT systems, as well as your end-user departments and at the 'edges' of your enterprise, like the automated machines and IoT you might be employing at remote manufacturing plants.  

The audit should look not only at the software and hardware techniques you have in place to protect security but also at remote site personnel habits and compliance with security policies.

These audits should be carried out by an independent cyber-audit business that brings a clear understanding of cyber security to the business being audited – this would be similar to a Financial Audit and so it should also bring a certification of completion and security each year.

3. Provide continuing Cyber-Security Training 
Cyber-security education should be a part of every employee’s work process. 
On a quarterly basis, a refresher course in cyber-security practices should also be given to employee’s company-wide. 
This ensures that security policies and practices stay fresh in employees' minds, and that they understand any policy additions or changes.

4. Sales and Marketing
Your planning, sales and marketing departments should use web search and analysis of the markets, your clients and potential markets and new clients. 
Full electronic market research is very effective for understanding your current clients and building new markets and clients.

5. Inform your Board and Chief Executive
This makes it important for Chief Information Officers, Chief Security Officers, and others with security responsibilities to clearly explain cybersecurity technologies, policies, and practices in plain language that the Board, and stakeholders understand. 

Business leaders must get themselves up-to-date with new changes, opportunities and potential threats.

Gov.uk:

You Might Also Read: 

What Is The GRU & Who Does It Hack?:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

 

 

 

« Shockwave - A Global Transformation In Warfare
Microsoft Say The IoT Is Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

HDI

HDI

HDI is the worldwide professional association and certification body for the technical service and support industry.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

SISSDEN

SISSDEN

SISSDEN will improve cybersecurity through the development of increased awareness and the effective sharing of actionable threat information.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

FifthDomain

FifthDomain

We are a specialist cyber security education and training company tackling the global cyber security skills shortage.

Crypsis

Crypsis

Crypsis was built based on a shared vision of creating a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

Mainstream Technologies

Mainstream Technologies

Mainstream Technologies is an information technology services firm specializing in custom software development, managed IT services, cybersecurity services and hosting.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

NewsGuard Technologies

NewsGuard Technologies

NewsGuard provides transparent tools to counter misinformation for readers, brands, and democracies.