International Association of CIP Professionals

Ransomware: What board members should know and what they should be asking their technical experts

Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards.

The impact of a ransomware attack on an organisation can be devastating. So what should board members be doing to ensure that their organisation is prepared for such a ransomware attack, and in the best possible place to respond quickly ?

This blog, part of the Cyber Security Toolkit for Boards, explains the basics of ransomware, and suggests relevant questions that board members might want to ask their technical experts to help drive greater cyber resilience against these types of attack.

Why should board members concern themselves with ransomware?

Cyber security is a board-level responsibility, and board members should be specifically asking about ransomware as these attacks are becoming both more frequent[1] and more sophisticated.

Ransomware attacks can be massively disruptive to organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high profile in nature, with wide public and media interest.

What do board members need to know about ransomware?

Board members don’t need to be able to distinguish their Trickbots and their Ryuks, but knowing the basics of how ransomware works will mean they can have constructive conversations with their technical experts on the subject.

So what do you need to know about ransomware?

- Ransomware is a type of malware that prevents you from accessing your computer (or the data stored on it). Typically, the data is encrypted (so that you can’t use it), but it may also be stolen, or released online.

- Most ransomware we see now is ‘enterprise-wide’. This means it’s not just one user or one machine that is affected but often the whole network. Once they’ve accessed your systems, attackers typically take some time moving around, working out where critical data is saved and how backups are made and stored. Armed with this knowledge the attacker can encrypt the entire network at the most critical moment.

- The attacker will then usually make contact with the victim using an untraceable email address (or an anonymous web page), and demand payment to unlock your computer and/or access your data. Payment is invariably demanded in a cryptocurrency such as Bitcoin and may involve negotiation with the humans behind the ransomware (who have spent time in your organisation’s networks assessing how much you might be willing or able to pay).

- However, even if you do pay the ransom, there is no guarantee that you will get access to your computer, or your files.

- We have also seen cyber criminals threaten to release sensitive data stolen from the network during the attack if the ransom is not paid.

- The government strongly advises against paying ransoms to criminals, including when targeted by ransomware. There are practical reasons for this (see question 4) and also concern that paying ransoms likely encourages cyber criminals to continue such attacks.

Full details at https://www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware

Leave a comment criticalinfrastructureprotection, cybersecurity, ncsc, ransomware

British tech startups offered help to keep innovations secure

May 25, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

New guidance from the NCSC and the Centre for the Protection of National Infrastructure (CPNI) to help fledgling technical companies consider key questions around security.

UK startups working on world-leading emerging technology are being offered new guidance to help secure their innovations from a range of security risks.

The guidance from the National Cyber Security Centre (NCSC) – a part of GCHQ – and the Centre for the Protection of National Infrastructure (CPNI) helps fledgling companies working in emerging technologies consider key questions around security.

Launched during the NCSC’s flagship CYBERUK event, the guidance encourages companies to take steps to strengthen their defences against criminals, competitors and hostile state actors.

UK companies working in emerging technologies are likely to be a particularly attractive target to a wide range of actors, including those backed by foreign states seeking technological advancement.

The ‘Secure Innovation’ package of guidance was developed in consultation with emerging technology companies and highlights the importance of laying strong security foundations that can evolve as startups grow, in a cost-effective and proportionate manner.

NCSC Technical Director Dr Ian Levy said:

“The UK has one of the world’s best startup ecosystems, which makes companies working in emerging technologies a target for hostile actors.

“That’s why alongside CPNI we have created bespoke guidance which aims to show these companies what good physical and cyber security looks like and how to implement it.

“Putting good security in place now is a sound investment for these companies, helping lower the risks of future disruption and enhancing their attractiveness to investors.”

The Director of CPNI said:

“UK start-ups and scaleups raised record investment in 2020, closing nearly £11billion in venture-capital funding, despite the obvious challenges. A large part of this success story is how open and engaging UK businesses have always been with their international partners. As new markets continue to emerge, so will the potential threats to companies’ intellectual property and ideas at the hands of hostile states, criminals, and competitors.

“Developed in partnership between CPNI and NCSC and aimed at companies in emerging technology, Secure Innovation provides a holistic approach to all aspects of security, ensuring that good cyber principles are not undermined by physical, and people risks which could threaten the success of a start-up if not managed well from the outset.

“Based on CPNI and NCSC’s technical expertise in protective security, this guidance provides the tools to establish simple, low cost and pragmatic security-minded behaviours from the outset, making protecting their innovation and ingenuity as easy as possible.”

The Secure Innovation guidance, aimed at founders or chief executives of emerging technology startups, explains how security can be integrated into an organisation’s culture and advocates for security focused risk management around supply chains, IT networks, information, people and physical security, cloud computing and more.

Leave a comment criticalinfrastructureprotection, cybersecurity, ncsc

CISA releases new 5G paper with NSAcyber and ODNIgov: Potential Threat Vectors to 5G Infrastructure

May 17, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

Securing Critical Infrastructure operations means ensuring cybersecurity practices are incorporated within 5G.

The deployment of 5G has begun, and with it, a wealth of benefits that has the potential to impact every aspect of our lives and work. With faster connectivity, ultra-low latency, greater network capacity, 5G will redefine the operations of critical infrastructure activities from the plant floor to the cloud. It will enable large-scale connections, capabilities, and services that can pave the way for smart cities, remote surgery, autonomous vehicles, and other emergent technologies. However, these capabilities also make 5G networks an attractive target for criminals and foreign adversaries to exploit for valuable information and intelligence and even global disruption.

To secure the full scope of 5G use cases, it is critical that strong cybersecurity practices are incorporated within the design and development of 5G technology. In March 2020, the White House developed the National Strategy to Secure 5G, which outlines how the Nation will safeguard 5G infrastructure domestically and abroad. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency, and the Office of the Director of National Intelligence, as part of the Enduring Security Framework (ESF)—a cross-sector, public-private working group—initiated an assessment of the cybersecurity and vulnerabilities to 5G infrastructure. The ESF established the 5G Threat Model Working Panel which developed this paper, Potential Threat Vectors to 5G Infrastructure, to enhance understanding of the threats posed to 5G adoption.

The Working Panel reviewed existing bodies of public and private research and analysis to identify and generate an aggregated list of known and potential threats to the 5G environment. From that list, they identified three primary threat vectors areas—Policy and Standards, Supply Chain, and 5G Systems Architecture—and within these threat vectors, 11 sub-threats were identified as additional points of vulnerability for threat actors to exploit (i.e., open standards, counterfeit parts, and multi-access edge computing). This paper represents the beginning of the Working Panel’s thinking on the types of risks introduced by 5G adoption in the Unites States, and not the culmination of it.

With the promise of connectivity between billions of Internet of Things (IoT) devices, it is critical that government and industry collaborate to ensure that cybersecurity is prioritized within the design and development of 5G technology.

https://www.cisa.gov/publication/5g-potential-threat-vectors

Leave a comment 5g, CISA, criticalinfrastructureprotection, cybersecurity, cyberthreat, ncsc

US and UK agencies release cybersecurity advisory on recently modified tactics by Russian intelligence agency

May 15, 2021 Neil Walker Agency News, Cyber Security CII sector, Industry News

The FBI, National Security Agency and Cybersecurity and Infrastructure Security Agency collaborated with the United Kingdom's National Cyber Security Centre to release a Joint Cybersecurity Advisory examining tactics, techniques, and procedures associated with Russian Foreign Intelligence Service (SVR). The advisory provides additional insights on SVR activity including exploitation activity following the SolarWinds Orion supply chain compromise.

CISA released a related document, Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise, that summarizes three joint publications focused on SVR activities related to the SolarWinds Orion compromise.

SVR cyber operators appear to have reacted to prior reporting by changing their TTPs in an attempt to avoid further detection and remediation efforts by network defenders.

Leave a comment CISA, criticalinfrastructureprotection, cyberattack, cybersecurity, ncsc

NCSC releases cyber security advice for agriculture sector

December 23, 2020 Neil Walker Agency News, Cyber Security CII sector, Industry News

Farmers will for the first time have access to tailor-made cyber security advice published in response to the growing use of technology in the agriculture sector.

The new Cyber Security for Farmers guidance from the National Cyber Security Centre – a part of GCHQ – and the National Farmers’ Union (NFU) will provide the farming community with the tools and information it needs to protect itself from the most common cyber attacks, including scam emails and malicious software.

Businesses in the agricultural sector are increasingly taking advantage of the benefits modern farming technology can provide, such as GPS, remote sensors, and farm management software.

But with official statistics showing a rise in reports of cyber attacks against the farming community, and in the wake of well-documented incidents such as spoof farm machinery adverts leaving farmers thousands of pounds out of pocket, the NCSC and NFU are urging the sector to act on the new guidance.

Sarah Lyons, NCSC Deputy Director for Economy and Society, said: “Technology plays a huge role in modern farming and offers many benefits that will help the industry to thrive in the 21st century.

“We are teaming up with the NFU to share best online practice to the sector, as an increased use of technology also sees an increased risk of being targeted by cyber criminals.

“Staying safe online might seem daunting, but the actionable advice in ‘Cyber Security for Farmers’ will help the sector to stay as safe as possible while embracing the latest technology.”

The advice, which can be found in full on the NCSC’s website, includes guidance on

- protecting your farm against malware;

- keeping devices up to date;

- where to go for help;

- backing up data, and;

- dealing with scam emails, text messages, and phone calls.

Stuart Roberts, Deputy President at the NFU, said: “Rural crime is a huge issue for farm businesses and we rightly look to protect our farm buildings, machinery and our livestock. However, we all live and work in a digital world and we must be conscious of the threats this can bring to our businesses.

“It’s incredibly important that farmers take this seriously, which is why we’ve teamed up with the experts in the National Cyber Security Centre to help produce this guidance. I would urge all farmers to read this advice and take the necessary steps to reinforce their cyber security and protect their farm business.”

The NCSC is committed to raising cyber security and resilience across every part of the UK, and this includes supporting businesses, academia, and the charity sector, as well as the public through the Cyber Aware campaign.

NCSC defends UK from more than 700 cyber attacks while supporting national pandemic response

November 18, 2020 Neil Walker Agency News, Cyber Security CII sector, Industry News

THE National Cyber Security Centre defended the UK from an average of 60 attacks per month during a year which saw its resources proactively focused on the coronavirus response, the organisation’s latest Annual Review revealed today.

The NCSC, which is a part of GCHQ, handled 723 incidents between 1 September 2019 and 31 August 2020, with around 200 related to coronavirus. In the previous three years since launching, they supported an average of 602 incidents annually (590 in 2017, 557 in 2018 and 658 in 2019).

The growth this year reflects ongoing NCSC efforts to proactively identify and mitigate threats, tips the organisation receives from its extensive network of partners and reports from victims themselves.

In a year heavily influenced by the pandemic, the review highlights the NCSC’s support for the healthcare sector, such as scanning more than 1 million NHS IP addresses for vulnerabilities leading to the detection of 51,000 indicators of compromise, and working with international allies to raise awareness of the threat of vaccine research targeting.

With cyber criminals looking to exploit public fear over the pandemic with coronavirus-related online scams, the NCSC and the City of London Police also launched the Suspicious Email Reporting Service, which received 2.3 million reports from the public in its first four months – resulting in thousands of malicious websites being taken down.

The NCSC also provided the technical assurances during the creation of the Virtual Parliament, as well as producing a wide range of advice for businesses and individuals switching to home working as a result of the pandemic.

A new remote working scenario was added to the NCSC’s ‘Exercise in a Box’ programme. The initiative, which allows people to test their cyber defences against realistic scenarios was used by people in 125 countries this year.

Leave a comment criticalinfrastructure, cybersecurity, ncsc

« 1 2