Russian Agents Are Behind Many Recent Attacks
The UK National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU, which is the Russian military intelligence service.
These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.
Cyber-attacks orchestrated by the GRU have attempted to undermine international sporting institution the World Anti-Doping Agency (WADA), disrupt transport systems in Ukraine, and destabilise democracies and target businesses.
The campaign by the GRU shows that it is working in secret to undermine international law and international institutions.
As Britain has stepped up its cyber-crime offensive against the threat from Russia and terrorist groups with a joint taskforce between the Ministry of Defence and GCHQ.
The unit, which will be made up of some 2,000 recruits from the military and security services industry, is set to quadruple the number of people in offensive cyber-crime roles.
In the commercial world. how do we develop a secure cybersecurity regime?
The potential business revenue from market analysis, rising compliance requirements and security threats must not be ignored. The increasing press coverage of ransomware attacks and fines for non-compliance is driving awareness and urgency.
Organisations must review the best ways to go about developing sound cyber-security policies and practices in 2019 that could be used for commercial gain as well as internal commercial security. Here are 5 Recommendations
1.Update software and systems
This requires centralised IT policy that adopts a 'push' methodology, forcing new security updates onto a user's device when they connect to the network, instead of a 'pull' methodology, which notifies the user that a new security patch is available and gives them the option to load this new software when it's convenient.
2. Conduct top-to-bottom Cyber Security Audits
Your company should conduct a thorough cyber security audit of its IT assets and practices. This audit should review the security practices and policies of your central IT systems, as well as your end-user departments and at the 'edges' of your enterprise, like the automated machines and IoT you might be employing at remote manufacturing plants.
The audit should look not only at the software and hardware techniques you have in place to protect security but also at remote site personnel habits and compliance with security policies.
These audits should be carried out by an independent cyber-audit business that brings a clear understanding of cyber security to the business being audited – this would be similar to a Financial Audit and so it should also bring a certification of completion and security each year.
3. Provide continuing Cyber-Security Training
Cyber-security education should be a part of every employee’s work process.
On a quarterly basis, a refresher course in cyber-security practices should also be given to employee’s company-wide.
This ensures that security policies and practices stay fresh in employees' minds, and that they understand any policy additions or changes.
4. Sales and Marketing
Your planning, sales and marketing departments should use web search and analysis of the markets, your clients and potential markets and new clients.
Full electronic market research is very effective for understanding your current clients and building new markets and clients.
5. Inform your Board and Chief Executive
This makes it important for Chief Information Officers, Chief Security Officers, and others with security responsibilities to clearly explain cybersecurity technologies, policies, and practices in plain language that the Board, and stakeholders understand.
Business leaders must get themselves up-to-date with new changes, opportunities and potential threats.
You Might Also Read:
What Is The GRU & Who Does It Hack?:
Britain Plots Cyber Revenge On Russia For Novichok Poisonings: