Cyber Aware Issue: Russian cyber activity in and around Ukraine

Russian cyber activity in and around Ukraine

Russian cyber activity in Ukraine may feel very far away, but all UK organisations have been encouraged to take action in response to malicious cyber incidents, and ensure they are taking cyber safeguards. Care providers are encouraged to check their cyber security arrangements and their practices in light of this recent activity.

The National Cyber Security Centre (NCSC) is keeping track of cyber developments. They have separately highlighted an increased global threat of ransomware, and recently updated their guidance on the heightened threat.

In relation to Russian cyber activity in and around Ukraine, NCSC is unaware of any current threats to UK organisations (w/c 7 February). However, they are stepping up their calls for organisations to build resilience and stay ahead. This means taking actionable steps to reduce the risk of cyber-attacks and their impact if they happen to your organisation.

Michelle Corrigan, Programme Director of Better Security, Better Care says:

“This recent report of malicious cyber incidents in and around Ukraine may feel like a remote risk for care providers in England – but in the cyber world, we are all neighbours. Cyber criminals seek out weaknesses wherever they can find them. Care providers should use the Data Security and Protection Toolkit to assess and improve how they protect their information. But it isn’t a one-off exercise. They need to ensure they follow good cyber security practice in order to reduce the risk of falling victim to malicious cyber-attacks – or unintended breaches.”

As a care provider, you should:

  1. Keep your Data Security and Protection Toolkit submission up to date. For example, if you have changed your IT systems or developed new services, use the Toolkit to ensure you’ve thought through the implications of any changes. Don’t leave gaps in your cyber security.
  2. Contact your IT leads and suppliers if you have not done so recently: Make sure that they are keeping up to speed with emerging cyber threats, such as Russia/Ukraine and the Log4J vulnerability, and take appropriate actions to protect the systems you use.
  3. Create or update your data and cyber security continuity plan: You can use our template plan and guidance. You might find NCSC’s information for small and medium organisations helpful for additional ideas.
  4. Consider purchasing cyber insurance
  5. Report any cyber incidents: Contact the NCSC via https://report.ncsc.gov.uk/.

We will be keeping up to speed with developments, so we recommend that you follow us on Twitter for updates.

More details are also available on the NCSC website.