Russian Agents Are Behind Many Recent Attacks

Uploaded on 2018-10-05 in FREE TO VIEW, GOVERNMENT-Defence, GOVERNMENT-National

The UK National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU, which is the Russian military intelligence service. 

These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

Cyber-attacks orchestrated by the GRU have attempted to undermine international sporting institution the World Anti-Doping Agency (WADA), disrupt transport systems in Ukraine, and destabilise democracies and target businesses.

The campaign by the GRU shows that it is working in secret to undermine international law and international institutions.
As Britain has stepped up its cyber-crime offensive against the threat from Russia and terrorist groups with a joint taskforce between the Ministry of Defence and GCHQ.

The unit, which will be made up of some 2,000 recruits from the military and security services industry, is set to quadruple the number of people in offensive cyber-crime roles.

In the commercial world. how do we develop a secure cybersecurity regime?

The potential business revenue from market analysis, rising compliance requirements and security threats must not be ignored. The increasing press coverage of ransomware attacks and fines for non-compliance is driving awareness and urgency. 

Organisations must review the best ways to go about developing sound cyber-security policies and practices in 2019 that could be used for commercial gain as well as internal commercial security. Here are 5 Recommendations

1.Update software and systems
This requires centralised IT policy that adopts a 'push' methodology, forcing new security updates onto a user's device when they connect to the network, instead of a 'pull' methodology, which notifies the user that a new security patch is available and gives them the option to load this new software when it's convenient.  

2. Conduct top-to-bottom Cyber Security Audits
Your company should conduct a thorough cyber security audit of its IT assets and practices. This audit should review the security practices and policies of your central IT systems, as well as your end-user departments and at the 'edges' of your enterprise, like the automated machines and IoT you might be employing at remote manufacturing plants.  

The audit should look not only at the software and hardware techniques you have in place to protect security but also at remote site personnel habits and compliance with security policies.

These audits should be carried out by an independent cyber-audit business that brings a clear understanding of cyber security to the business being audited – this would be similar to a Financial Audit and so it should also bring a certification of completion and security each year.

3. Provide continuing Cyber-Security Training 
Cyber-security education should be a part of every employee’s work process. 
On a quarterly basis, a refresher course in cyber-security practices should also be given to employee’s company-wide. 
This ensures that security policies and practices stay fresh in employees' minds, and that they understand any policy additions or changes.

4. Sales and Marketing
Your planning, sales and marketing departments should use web search and analysis of the markets, your clients and potential markets and new clients. 
Full electronic market research is very effective for understanding your current clients and building new markets and clients.

5. Inform your Board and Chief Executive
This makes it important for Chief Information Officers, Chief Security Officers, and others with security responsibilities to clearly explain cybersecurity technologies, policies, and practices in plain language that the Board, and stakeholders understand. 

Business leaders must get themselves up-to-date with new changes, opportunities and potential threats.

Gov.uk:

You Might Also Read: 

What Is The GRU & Who Does It Hack?:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

 

 

 

« Shockwave - A Global Transformation In Warfare
Microsoft Say The IoT Is Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

Chubb

Chubb

Chubb is the world’s largest publicly traded property and casualty insurer. Commercial services include Cyber Risk insurance.

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Cyber Security Specialists

Cyber Security Specialists

Cyber Security Specialists Limited provide Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses.

Saudi Federation for Cyber Security and Programming (SAFCSP)

Saudi Federation for Cyber Security and Programming (SAFCSP)

SAFCSP is a national institution under the umbrella of the Saudi Arabian Olympic Committee, which seeks to build national and professional capabilities in the fields of cyber security and programming.

Webtotem

Webtotem

Webtotem's mission is to prevent the global epidemic of website infection and provide every website owner with basic security rights.

Zacco

Zacco

Zacco offer a 360° perspective on intellectual property: From patent filing and trademark registration to software development, digital brand protection, cyber security and portfolio management.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

CyberFOX

CyberFOX

CyberFOX is a global cybersecurity solutions provider focused on identity access management (IAM) for managed service providers (MSPs) and IT professionals.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.

Intertec Systems

Intertec Systems

Intertec Systems is an award-winning, global IT solutions and services provider that specializes in digital transformation, cybersecurity, sustainability, and cloud services.