NCSC CEO: Hostile states linked to 3/4s of cyber attacks affecting UK’s critical systems

The NCSC has published an article on the scale of threat to the UK’s critical infrastructure from hostile countries, including but not limited to Russia, China, and Iran.
https://www.ncsc.gov.uk/news/ncsc-ceo-hostile-states-linked-to-three-quarters-of-cyber-attacks

A pair of key take aways for our customers:
• Implement a comprehensive logging system. Without log data it may not be possible to establish how a threat actor gained initial access and in turn prevent it in the future.

o EDR data is now essential, stored for as long as the organisation can afford – target 90 days, be aware of the limitations of EDRs that only store 14 days (or less!) of data and consider extending that data retention.

o If you have cyber security insurance or an incident response contract engage with them to identify what sources of data they can work with.

• Vulnerability management must move at the speed of relevance. Threat actors don’t care if you ‘accept’ the risk.

o Identify systems (e.g. web servers/VPNs/remote management tools) exposed to connections from untrusted networks (e.g. the Internet, Guest Wi-Fi).

o Setup timely alerts from vendors when new vulnerabilities are identified and when patches become available.

o Implement processes to identify, prioritise, remediate, and validate (the remediation of) vulnerabilities.

o Consider procedures to take a system offline (or restrict access) ahead of patching.

LET’S TALK ABOUT YOUR DATA SECURITY