The following is a list of measures that organizations need to take to strengthen their computer defences "when the cyber threat is increased" by "zero-day" software flaws or geopolitical tensions.
This advice comes in the context of growing fears of a Russian invasion of Ukraine. Microsoft recently discovered malicious software called "WhisperGate" on several Ukrainian systems. The malware is reminiscent of NotPetya, the software that targeted Ukrainian organizations in 2017 through a flawed accounting software update, but also infected the global computer networks of American and European companies. The attack cost European and American companies billions of dollars, according to White House estimates.
Rafe Pilling, a security researcher at Secureworks' Threat Unit, believes that American and European organizations could fall victim to WhisperGate in the same way. "While organizations outside Ukraine are unlikely to be directly targeted, clients need to consider their exposure to collateral damage through service providers or business partners in Ukraine," he says.
How to limit collateral damage?
"Organizations need to be more vigilant and maintain up-to-date backups of critical systems and data, test restoration processes before they are needed, and ensure that backups cannot be affected by ransomware or wiper attacks."
So what should potentially affected companies do to limit the risk of becoming collateral damage?
The UK Cyber Security Agency (NCSC) states that organizations must strike a balance between cyber threats and defence and notes that "there may be times when the cyber threat to an organization is more important than usual."
Triggers include a spike in adversary capability due to new "zero-day" flaws in popular software, or something "more specific to an organization, sector or even a particular country, resulting from hacktivism or geopolitical tensions," says the NCSC.
The NCSC's response is to control what you can, because you can't control the level of threat. This means applying patches to systems, checking configurations, and protecting the network from password attacks.
"It is rare for an organization to be able to influence the level of threat. Actions therefore generally focus on reducing vulnerability to attacks and reducing the impact of a successful attack," the agency explains.
The Cyber Security Action checklist
The following is a checklist of core cyber security actions that are "important in all circumstances, but critical during periods of increased cyber threat". It is important to take these steps, as organizations are unlikely to be able to implement widespread change quickly when threat levels increase.
The NCSC list includes:
Source: eprints.undip.ac.id