Red alert – businesses warned of cyber-attacks

Jim Hawkins of cyber-security firm C3IA Solutions

Businesses should be extra vigilant about their cyber-security due to the ongoing situation with Russian and Ukraine, according to experts.

C3IA Solutions, a leading cyber-security company headquartered in Poole, Dorset, said cyber-attacks on companies are a real and growing threat.

Those businesses that supply to the Ministry of Defence (MoD) or the government are particularly at risk.

Russia has been accused of orchestrating a number of cyber-attacks, including on the Ukrainian power grid and on their banks and official websites.

Jim Hawkins of C3IA Solutions, which was one of the first companies certified by the National Cyber Security Centre (NCSC), said: “Cyber-attacks do not respect international boundaries and the risk of overspill, intentional or not, is why the NCSC has said that the UK’s cyber risk has been heightened.

“The NCSC and the Centre for the Protection of National Infrastructure (CPNI) have warned organisations to review their cyber-security resilience.

“Having Cyber Essentials certification is always something we’d recommend as a basic level of security.

“But there are other things businesses can do to improve their business resilience.

“All systems should be patched, especially those with vulnerabilities that are known to have been exploited, critical services should be backed up and incident response plans tested for functionality.

“Multi-factor authentication should be implemented, and we’d recommend that businesses follow the NCSC guidance on password management.

“Educating staff about the risks and how to recognise them is also an important step.

“How to identify suspect emails and how social media and business networking platforms can be used by attackers are something that should be explained to staff.

“Threats can range from DDoS attacks, which basically flood a system to slow it up and stop it working, to more sinister ones that can plant spyware and steal information.

“In the event of an attack the NCSC wants businesses to report it to them so a picture can be created of threats.”

Paul Chichester, NCSC Director of Operations, said: “While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.”