UK organisations told to bolster security amid Ukraine tensions

It joins similar guidance from other Western governments, including those of the USA and Canada

The UK's National Cyber Security Centre (NCSC) has urged large organisations to beef up their defences against possible Russian cyber attacks in the wake of rising tensions over the situation in Ukraine.

Although the NCSC has not detected any specific threats in relation to the events in Ukraine, it said it is important that organisations follow the recommendations, to remain resilient and ahead of potential threats.

Measures suggested include from the very basic - patching systems immediately and implementing a working incident response plan - to the involved, like enhancing access controls and using multi-factor authentication.

The NCSC also advises organisations to ensure their backup and restore mechanisms, as well as online defences, are effective and working as expected.

The most important step for organisations of all sizes to take is to ensure they have at least basic security measures in place to protect their devices, systems and networks.

The alert also encourages victims of cyber attacks to report the incident to NCSC's Incident Management team.

NCSC's new guidance follows similar statements from the US federal agencies, including the Department for Homeland Security and the Cybersecurity and Infrastructure Security Agency.

Companies in the United States have been told to adopt a 'heightened state of awareness' and watch for signs of intrusions by Russian hackers in their networks.

"The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them," said Paul Chichester, NCSC's director of operations.

He added that NCSC has detected a pattern of hostile Russian behaviour in cyberspace over several years, and recent cyber attacks in Ukraine "bear the hallmarks of similar Russian activity".

Ukraine authorities accuse Russia of being involved in those attacks, which Moscow denies.

Earlier this month, multiple Ukrainian government websites were the target of a sustained hacking campaign, with the attackers leaving menacing messages apparently aimed at intimidating Ukrainian citizens.

The attackers targeted websites belonging to the Ministry of Foreign Affairs, the Cabinet of Ministers, the ministries of energy, education, and agricultural policy, and the 'Diia' platform.

Shortly afterwards, Microsoft said it had discovered a destructive form of malware in dozens of government and private computer networks in Ukraine, which appeared to be waiting to be triggered by an unknown threat actor.

Last week, Canada's foreign ministry was hit with a cyber attack affecting 'some access to internet and internet-based services'.

Officials said that the attack targeted Global Affairs Canada, the department responsible for managing the country's diplomatic relations, promoting international trade and providing consular support.

The cyber attack came a day before Canada's Cyber Centre advised Canadian organisations, especially network operators of critical infrastructure, to bolster their defences against Russian state-sponsored threats.

Yesterday, the White House released a new memo instructing federal agencies to move towards a zero trust approach to cybersecurity, to lower the risk of cyberattacks against the government's digital infrastructure.

The document spells out dozens of security measures that federal agencies must implement in the next two years to secure their systems and networks. They include widespread encryption, multi-factor authentication, and more rigorous network segmentation.