While attention is naturally focused on events such as the armed conflict in Ukraine, there are also growing threats when it comes to cyber security. Nation-states and groups of politically motivated cyber criminals are increasing their efforts to cause disruption and losses around the globe.
With these threats on the rise, organisations need to be clear about the steps that they should take to reduce the chance of attacks being successful. Plans need to be executed now to ensure protective measures are sufficient and key systems and data can remain secure.
The situation has prompted the United Kingdom’s National Cyber Security Centre (NCSC) to release some new guidelines that are relevant to organisations around the world. They focus on the steps needed to avoid staff burnout during extended periods of heightened cyber security threat.
The NCSC report emphasises the importance of focusing not just on best-practice security controls and measures, but also on the human element of cyber security. It recommends that a ‘whole-of-organisation’ approach be undertaken that incorporates comprehensive user awareness training.
Here in Australia, with the IT and cyber industries offering well-paid jobs, many of which are going unfilled, the new Labor government is expected to boost training for mature, older workers, allowing them to re-skill and change professions.
The long haul
The NCSC guidelines come at a time when what was expected to be a brief conflict in Ukraine has dragged on for many months. They caution that cyber security steps and decisions that were made when the war first started now need to be evaluated and amended.
According to the agency, there are two distinct phases of such geopolitical tension. The first, dubbed an acute phase, is the period during which organisations need to strengthen their IT defences and address any existing vulnerabilities.
This is followed by a more protracted phase where organisations must maintain that stronger posture over a much longer period of time. This is the situation currently being faced.
According to the NCSC, there is a range of best-practice steps that all organisations should be undertaking to ensure their levels of IT security remain robust in the long term. These steps include:
- Constant vulnerability management: IT teams should always be on the lookout for weaknesses and apply software patches as soon as they are released.
- Enhanced access controls: Limiting access to IT resources to those for whom that permission is critical.
- Up-to-date antimalware: Antimalware tools and firewalls need to be constantly updated and correctly configured as they represent a critical line of defence.
- Regular data backups: Thorough backups are critical to ensure that normal operations can be resumed as quickly as possible should an attack take place.
- Incident response planning: Detailed plans need to be drawn up that set out the steps that should be taken in the wake of an attack. This will help to minimise the impact and get systems back to normal as quickly as possible.
- Review third-party access: Regular reviews of third parties that have access to IT resources will reduce the likelihood that unauthorised entry will occur.
Maintaining your security team
While these steps are vital for ensuring strong security, attention must also be given to the wellbeing of those staff in the IT security team. Increased workloads and extended hours can lead to significant pressures and burnout. Some steps that can be taken include:
- Better empowerment: Empowering IT security staff to make decisions, in order to enhance agility and free leaders to focus on medium-term priorities. Train employees on the latest threats so they can recognise and report attacks.
- Spread the load: Spreading out required work more evenly across a larger pool of staff will reduce the risk of burnout and enable less experienced employees to benefit from new opportunities.
- Time off: Ensuring staff have adequate time away from work to recharge is vital. Review staffing schedules to ensure this happens.
- Checking in: Staff should be encouraged to look after each other and check for signs that colleagues may need assistance.
Additionally, implementing the Australian Cyber Security Centre’s Essential Eight would help businesses to strengthen their security postures with eight mitigation strategies. These include application whitelisting, patching applications, configuring Microsoft Office, application hardening, restricting administrator privileges, patching operating systems, multi-factor authentication, daily backups, and social engineering.
The conditions currently being faced by organisations around the world are unlikely to change any time soon. By taking these recommended steps, IT security teams will be much better placed to deal with cyber security threats over the long term.
Mark Lukie, director of sales engineering, APAC, Barracuda