Ukraine – tech & cyber guidance

8 March 2022 / Insight posted in Article

Following dramatic escalation in Eastern Europe and Russia’s recent violation of Ukraine’s territorial integrity, the National Cyber Security Centre has urged organisations to improve their cyber defences, as it believes the cyber threat is heightened.

The recent past has shown that nation states wielding cyber as a weapon of war can have severe consequences for organisations, as these weapons are often used without due concern for collateral damage.

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation, called WhisperGate, targeting multiple organisations in Ukraine. It has identified the malware on dozens of impacted systems, and that number could grow as its investigation continues. These systems span multiple government, nonprofit and information technology organisations, all based in Ukraine. It is not known how many other victim organisations may exist in Ukraine or other geographic locations.

Destructive malware can threaten an organisation’s daily operation, with the ability to cripple its infrastructure and impact critical assets and data. It is feared that further disruptive cyber-attacks against organisations in Ukraine are likely to occur and may unintentionally spill over to organisations in other countries.

Guidance for UK organisations

So what can organisations do to protect infrastructure? Guidance includes:

  • ensure security patches are applied across your IT infrastructure;
  • make sure access controls remain strong, for example by following good password hygiene, using two-factor authentication, and restricting privileged access;
  • ensure defences such as anti-virus and firewalls are working as expected;
  • understand what security logging is in place, and how to use this to detect potential security issues;
  • review your backups, confirming these can be relied upon to restore your systems in the event of a catastrophic cyber-attack;
  • have an incident response plan in place that you can call upon if you do fall victim to an attack, to minimise the potential damage and business disruption of a cyber-attack;
  • ensure your supply chain takes similar precautions, and strictly control the level of access these third parties have to your systems;
  • brief staff on the heightened threat, and ask them to be on the lookout for, and report, any potential malicious activity, such as phishing.

Guidance for those working in a hostile environment

Working in hostile conditions needs careful consideration of how you operate as an individual, since you are likely to be in an unfamiliar position, which could lead to heightened distraction. It is important to have a clear understanding of best practice, including:

  • Ensure your password for your laptop is secure. Where possible, your password should have a recommended minimum of 10 characters and include a mixture of upper and lowercase letters, symbols and numbers to increase complexity.
  • Make sure two-factor authentication (2FA) is applied to internet-facing applications such as Office 365, CRM systems, accountancy software etc.
  • Refresh and revisit your cyber security awareness training for your staff, including executives, and ensure they are alert to phishing emails.
  • When working remotely and you have to rely on a public network such as airport, hotel or coffee shop WiFi, make use of a VPN service (your company’s or that of a third party like Nord VPN) to ensure your network connection remains private. If this is not possible, consider tethering to your device’s mobile data service rather than using the public WiFi service to ensure privacy, particularly when conducting sensitive business online.
  • Consider physical security when working remotely, particularly if you are in a less secure or potentially hostile environment. Be aware of the potential threats, such as the likelihood of your laptop being stolen, the risk of someone ‘shoulder surfing’ whilst you work, or someone listening in on a sensitive conversation.
  • Never leave your laptop unattended – and when you’ve finished your work, log out of your laptop and turn it off before packing it away. And always keep your laptop bag on your person.
  • In the face of the increased risk of a destructive cyber-attack, make sure you have a comprehensive data backup strategy in place that takes into account attacks such as ransomware and wiperware, and that you back up critical data accordingly. Test data recovery regularly to confirm your data backups can be used to successfully recover from this type of malicious data loss event. Along with backup and recovery plans, also ensure you have practised incident response plans in place to allow you to deliver a coordinated and effective business response to any serious cyber-attack.
  • Make sure your laptop has up-to-date antivirus protection.
