Cyber guidance for SMEs

Cut across the noise to create a coherent cyber security strategy

The Russian invasion of Ukraine continues to escalate an already intense cyber security threat landscape for British organisations. In addition to potential state-level cyber attacks, the conditions have also been exploited by sub-state hackers acting either alone or in support of the Russian government.

In response, the “Five Eyes” intelligence alliance of the UK, US, Australia, New Zealand and Canada has issued joint guidance to help firms deal with these threats. Here, we unpick that guidance and outline the key points.

What do the latest threats include?

The main threats highlighted in the guidance include new forms of malware and ransomware attacks. They also include Distributed Denial-of-Service (DDoS) attacks, which inhibit organisations’ ability to function by flooding servers with fake internet traffic that makes it impossible for genuine customers to access services. Lastly, an increase in cyber espionage activities has been reported.

Specifically, the guidance also draws attention to the top 15 vulnerabilities targeted by hackers. These include hackers getting remote access to critical code, escalation of privileges, bypassing security, as well as other weak points.

Microsoft Exchange servers are a key target for hackers, with 8 of the top 15 malicious activities looking to target them. Vulnerabilities are also being targeted in the likes of Zoho ManageEngine, VMware clients, and ProxyShell.

Closing the “unlocked doors”

The guidance contains a detailed set of recommendations for proactively addressing these potential threats. These fall into four areas:

  1. Software updates
  2. Multifactor authentication
  3. Securing remote desktop (RDP) services
  4. Re-train users on cyber threats

The challenge for SMBs

This may be easier said than done for many SMEs with limited IT skills or resource. From implementing centralised patch management to enforcing MFA or a VPN, these initiatives require careful planning and implementation. It takes time to evaluate solutions, not to mention cutting through the sales jargon to identify gaps in your cyber defences.

There are many point solutions to choose from, but implementing an integrated cyber security strategy is essential to reducing the risk of gaps and vulnerabilities.

“If a hacker wants to get in, they will get in”

Making it as difficult as possible for hackers to access your company’s network is essential, but such is the sophistication of many attacks that, to some extent, a breach is a matter of time.

With this in mind, it is sensible to build a comprehensive cyber incident response strategy into your firm’s wider operational plan. This should include the ability to back up data offline, conduct penetration testing and encrypt data, as well as recovery documentation.

Need some help turning cyber security noise into an actionable plan for your organisation? Get in touch and the CLOUD Community can help.