It’s National Cybersecurity Awareness Month, and today’s cyber security threats are no joke.
Russia has engaged in a sustained, malicious cyber campaign against Ukraine and its allies since the February 24 invasion.
However, the lack of success shows that it’s possible to defend against cyberattacks, even against some of the most sophisticated and persistent attackers, says the UK’s cybersecurity chief.
Try as they might, Russian cyberattacks simply have not had the intended impact. The Ukrainian cyber defence teaches us a wider lesson, for military theory and beyond.
This lesson is that, in cybersecurity, the defender has a significant advantage, because in many ways you can choose how vulnerable you are to attacks.
In the run-up to and since the invasion of Ukraine, the country has been hit by a series of cyberattacks that have been attributed to Russia.
These include distributed denial of service (DDoS) attacks against the Ukrainian government and financial sector, as well as wiper malware campaigns designed to destroy systems by rendering them unusable.
These weren’t the first offensive cyberattacks linked to the Russian state that have targeted Ukraine; attacks previously caused power outages in the winters of 2015 and 2016.
Then, in 2017, Russia launched the NotPetya wiper malware attack against Ukraine, but the impact spread further, causing billions of dollars of damage around the world.
What we have seen is a very significant conflict in cyberspace, probably the most sustained and intensive cyber campaign on record. But thanks to the efforts of Ukrainian cyber defenders and their allies, these attacks lack success.
This activity has provided us with the clearest demonstration that a strong and effective cyber defence can be mounted, even against an adversary as well prepared and resourced as the Russian Federation.
Not only does this provide lessons for what countries and their governments can do to protect against cyberattacks, but there are also lessons for organisations on how to protect against incidents.
Whether it be nation-state backed campaigns, ransomware attacks or other malicious cyber operations, commitment to building long-term cyber resilience is beyond important in today’s world.
Building resilience means we have an understanding of today’s cyber threats and know that most threats will be unable to breach our defences. And when they do, we can recover quickly and fully.
The NCSC has previously suggested that organisations should be operating at a heightened threat level, and has made recommendations that should be followed to help protect against cyberattacks, or diminish collateral damage as a result of wide-scale cyber events.
These recommendations include verifying that all software is up to date with the latest security patches, checking that backups are working properly, and having an incident response plan in place.
There may be organisations that are beginning to think ‘is this still necessary?’ The answer is a strong yes.