Russian Agents Are Behind Many Recent Attacks

Uploaded on 2018-10-05 in FREE TO VIEW, GOVERNMENT-Defence, GOVERNMENT-National

The UK National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU, which is the Russian military intelligence service. 

These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

Cyber-attacks orchestrated by the GRU have attempted to undermine international sporting institution the World Anti-Doping Agency (WADA), disrupt transport systems in Ukraine, and destabilise democracies and target businesses.

The campaign by the GRU shows that it is working in secret to undermine international law and international institutions.
As Britain has stepped up its cyber-crime offensive against the threat from Russia and terrorist groups with a joint taskforce between the Ministry of Defence and GCHQ.

The unit, which will be made up of some 2,000 recruits from the military and security services industry, is set to quadruple the number of people in offensive cyber-crime roles.

In the commercial world. how do we develop a secure cybersecurity regime?

The potential business revenue from market analysis, rising compliance requirements and security threats must not be ignored. The increasing press coverage of ransomware attacks and fines for non-compliance is driving awareness and urgency. 

Organisations must review the best ways to go about developing sound cyber-security policies and practices in 2019 that could be used for commercial gain as well as internal commercial security. Here are 5 Recommendations

1.Update software and systems
This requires centralised IT policy that adopts a 'push' methodology, forcing new security updates onto a user's device when they connect to the network, instead of a 'pull' methodology, which notifies the user that a new security patch is available and gives them the option to load this new software when it's convenient.  

2. Conduct top-to-bottom Cyber Security Audits
Your company should conduct a thorough cyber security audit of its IT assets and practices. This audit should review the security practices and policies of your central IT systems, as well as your end-user departments and at the 'edges' of your enterprise, like the automated machines and IoT you might be employing at remote manufacturing plants.  

The audit should look not only at the software and hardware techniques you have in place to protect security but also at remote site personnel habits and compliance with security policies.

These audits should be carried out by an independent cyber-audit business that brings a clear understanding of cyber security to the business being audited – this would be similar to a Financial Audit and so it should also bring a certification of completion and security each year.

3. Provide continuing Cyber-Security Training 
Cyber-security education should be a part of every employee’s work process. 
On a quarterly basis, a refresher course in cyber-security practices should also be given to employee’s company-wide. 
This ensures that security policies and practices stay fresh in employees' minds, and that they understand any policy additions or changes.

4. Sales and Marketing
Your planning, sales and marketing departments should use web search and analysis of the markets, your clients and potential markets and new clients. 
Full electronic market research is very effective for understanding your current clients and building new markets and clients.

5. Inform your Board and Chief Executive
This makes it important for Chief Information Officers, Chief Security Officers, and others with security responsibilities to clearly explain cybersecurity technologies, policies, and practices in plain language that the Board, and stakeholders understand. 

Business leaders must get themselves up-to-date with new changes, opportunities and potential threats.

Gov.uk:

You Might Also Read: 

What Is The GRU & Who Does It Hack?:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

 

 

 

« Shockwave - A Global Transformation In Warfare
Microsoft Say The IoT Is Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Global Knowledge Training

Global Knowledge Training

Global Knowledge is a worldwide leader in IT and business training, featuring Cisco, Microsoft, VMware, IBM, security, cloud computing, and project management.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

tunCERT

tunCERT

TunCERT is the National Computer Emergency Response Team of Tunisia.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

Saviynt

Saviynt

Saviynt is a leading provider of Cloud Security and Identity Governance solutions.

Cequence Security

Cequence Security

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection.

AU10TIX

AU10TIX

AU10TIX’s smart forensic-level ID authentication technology links physical and digital identities, meets compliance mandates, and ensures your customers know their trust and safety come first.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Intersistemi Italia

Intersistemi Italia

Intersistemi is a leading Italian company in the field of information technology integration and digital transformation including cybersecurity.

VinCSS

VinCSS

VinCSS Internet Security Services JSC is a leading organization working in the field of researching, developing, producing products as well as providing cyber security services.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

CyberSecAsia

CyberSecAsia

CyberSecAsia series conference is the one and only decision-makers gathering for CISO and info security experts in Asia.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

Instil Software

Instil Software

Instil helps technology brands transform, innovate and disrupt their markets with category-defining software products that challenge us to think, feel and act in new ways.