Russian Agents Are Behind Many Recent Attacks

The UK National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU, which is the Russian military intelligence service. 

These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

Cyber-attacks orchestrated by the GRU have attempted to undermine international sporting institution the World Anti-Doping Agency (WADA), disrupt transport systems in Ukraine, and destabilise democracies and target businesses.

The campaign by the GRU shows that it is working in secret to undermine international law and international institutions.
As Britain has stepped up its cyber-crime offensive against the threat from Russia and terrorist groups with a joint taskforce between the Ministry of Defence and GCHQ.

The unit, which will be made up of some 2,000 recruits from the military and security services industry, is set to quadruple the number of people in offensive cyber-crime roles.

In the commercial world. how do we develop a secure cybersecurity regime?

The potential business revenue from market analysis, rising compliance requirements and security threats must not be ignored. The increasing press coverage of ransomware attacks and fines for non-compliance is driving awareness and urgency. 

Organisations must review the best ways to go about developing sound cyber-security policies and practices in 2019 that could be used for commercial gain as well as internal commercial security. Here are 5 Recommendations

1.Update software and systems
This requires centralised IT policy that adopts a 'push' methodology, forcing new security updates onto a user's device when they connect to the network, instead of a 'pull' methodology, which notifies the user that a new security patch is available and gives them the option to load this new software when it's convenient.  

2. Conduct top-to-bottom Cyber Security Audits
Your company should conduct a thorough cyber security audit of its IT assets and practices. This audit should review the security practices and policies of your central IT systems, as well as your end-user departments and at the 'edges' of your enterprise, like the automated machines and IoT you might be employing at remote manufacturing plants.  

The audit should look not only at the software and hardware techniques you have in place to protect security but also at remote site personnel habits and compliance with security policies.

These audits should be carried out by an independent cyber-audit business that brings a clear understanding of cyber security to the business being audited – this would be similar to a Financial Audit and so it should also bring a certification of completion and security each year.

3. Provide continuing Cyber-Security Training 
Cyber-security education should be a part of every employee’s work process. 
On a quarterly basis, a refresher course in cyber-security practices should also be given to employee’s company-wide. 
This ensures that security policies and practices stay fresh in employees' minds, and that they understand any policy additions or changes.

4. Sales and Marketing
Your planning, sales and marketing departments should use web search and analysis of the markets, your clients and potential markets and new clients. 
Full electronic market research is very effective for understanding your current clients and building new markets and clients.

5. Inform your Board and Chief Executive
This makes it important for Chief Information Officers, Chief Security Officers, and others with security responsibilities to clearly explain cybersecurity technologies, policies, and practices in plain language that the Board, and stakeholders understand. 

Business leaders must get themselves up-to-date with new changes, opportunities and potential threats.

Gov.uk:

You Might Also Read: 

What Is The GRU & Who Does It Hack?:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

 

 

 

« Shockwave - A Global Transformation In Warfare
Microsoft Say The IoT Is Under Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

SecDev

SecDev

SecDev is a consulting firm working at the intersection of geopolitical, digital, urban, energy and cyber risk.

Serena

Serena

Serena Software helps increase speed of the software development lifecycle while enhancing security, compliance, and performance.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

Clari5

Clari5

Clari5 redefines real-time, cross channel banking Enterprise Fraud Management using a central nervous system approach to fight financial crime.

Marvell Technology Group

Marvell Technology Group

Marvell is a semiconductor company providing solutions for storage, processing, networking, security and connectivity.

Cyber Tec Security

Cyber Tec Security

Cyber Tec Security is an IASME Certification Body for Cyber Essentials basic/Plus. We also provide ongoing Managed Security Services.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

Maltego Technologies

Maltego Technologies

Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Applications include cybersecurity threat intelligence and incident response.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.