Skip to content
  • Thursday, May 15, 2025
businessroundtable

businessroundtable

Enjoy business

  • Advertising & Marketing
  • Business News
  • Enjoy business
  • business
  • finance
  • About Us
    • Advertise Here
    • Contact Us
    • Privacy Policy
    • Sitemap
  • Home
  • Strengthening your cyber security during the Ukraine crisis
Advertising & Marketing

Strengthening your cyber security during the Ukraine crisis

April 22, 2022
Anita Leslie

Table of Contents

Toggle
  • Why is cyber security important?
    • What types of cyber attacks are there?
  • Who is a viable cyber attack target?
  • How can I defend against a cyber attack?
    • 1) Websites
    • 2) First-party data
    • 3) Personal data
  • How can I plan for risk?
    • 1) Train your teams
    • 2) Create a clear incident response plan
    • 3) Run regular fire drills 
  • How else can I protect my business?
  • Where does CovertSwarm come in?

[ad_1]

This week’s guest blog is written by Luke Potter, Chief Operating Officer at ethical hackers, CovertSwarm.

Bolstering your cyber security – from both a private and organisational standpoint – should always be your top priority. And now, with evidence of cyber warfare spreading from the Ukraine crisis, it’s more important than ever.

Why is cyber security important?

Any cyber security vulnerability creates an opportunity to exploit your information. Cyber attacks can cause untold damage to your business, data and reputation, and can be issued from any corner of the internet – or the world.

Plus, with many attacks having the potential to spread between systems applications and countries in a lateral creep, nobody – and nowhere – is truly safe.

What types of cyber attacks are there?

There are countless ways to compromise a website or application but, during this crisis, we’re seeing particular types of attack gaining traction.

They all come under the umbrella of unethical hacking and include:

  • Ransomware: Malware that holds your data to ransom, only releasing it if you pay criminals a fee.
  • DDos (denial of service) attacks: Equivalent to stuffing a letterbox full of envelopes, these overwhelm websites with requests and traffic to take them offline.
  • Zero-day exploits: Like a countdown hitting zero, this is where a bad actor has found a yet unknown vulnerability and an attack is underway.
  • Phishing: Fraudulent emails which coerce people and systems into revealing sensitive information, or trick them into granting access to your infrastructure.
  • Misinformation: Deliberately spreading fake news, misinformation and propaganda – usually with political aims – to impact the world both online and off.

And there’s plenty of evidence these kinds of cyber attack are being used right now.

In March 2022, Ukraine’s telecoms company (Ukretelecoms) was brought down by bad actors, and there have also been cyber attacks on Ukraine’s banks and defence ministry. But this ongoing cyber war isn’t just limited to government and private sector targets. Back in 2017, NotPetya ransomware was unleashed. One of its biggest targets was MAERSK, a global shipping conglomerate, which suffered over $200mn in losses.

Who is a viable cyber attack target?

Typically, the targets we’re seeing during this cyber war can be divided into those who are high-risk and those who are high brand.

The first camp centres around government bodies and critical infrastructure – like Ukrtelecoms – which are highly visible to the public. The second concerns big-name PR targets and aims to undermine confidence while causing mass-scale disruption.

How can I defend against a cyber attack?

Since the Ukraine invasion began, the UK’s Secretary of State for Defence, Ben Wallace, was quoted in the media as saying ‘the best form of defence is offence’. That’s exactly our ethos at CovertSwarm, as we work to outpace our clients’ cyber threats through delivering proactive cyber security services.

Being a strong voice in the cyber community, we do all we can to share our knowledge and experience with others. Here are some of our top tips for businesses and individuals looking to protect themselves – and their information.

1) Websites

– Establish a comms back-up plan. NotPetya famously took out MAERSK’s communications, leaving them with only WhatsApp as a form of content. If your central comms fall, you need a tried and tested way to re-establish a connection. One way of doing this is to inform your staff and stakeholders about back-up channels – Signal, WhatsApp, even SMS – if your main comms are taken out. Another way could be to post an agreed hashtag on social media that gives directions on how or where to regroup. Whatever it is, you’ll need several contingency plans to keep communication channels open.

– Practise good cyber hygiene. The idea behind this is that forming a small set of cyber health habits – which follow you from home to the workplace and vice versa – can prevent a large, metaphorical health problem for your business. In other words, it’s about having a security mindset for all your digital activities, in order to build greater protection. Examples include setting complex passwords, controlling admin privileges, and performing regular back-ups and updates to safeguard systems.

– Control log-ins. If you’re a business with an admin interface that allows a user to log in from anywhere in the world, you’re also opening yourself up to an attack from anywhere in the world. Instead, use an office network or VPN (Virtual Private Network), or consider multi-factor authentication.

2) First-party data

– Know your attack surface. Understanding the size and scope of your organisation – and where the boundaries lie – is the first step in protecting it.

An attack surface doesn’t just mean technical elements like IPs, subdomains or your website, but instead covers everything you expose – forums, social media, process documents in the public domain, published research, and even your people. State-sponsored or otherwise, bad actors start with an attack surface, then look for a point of compromise. So, even with regular patches, system hardening and staff education, it might not be enough if you’re not looking holistically at your attack surface. It’s the reason why some organisations keep finding things for years on an old software release.

– Secure data across locations. It might seem like the more places you hold your data, the greater the risk. But that’s where multi-cloud strategies and availability zones come into play. As well as having your data across various clouds (even multiple vendor clouds), it’s important to use various physical locations that are also geographically distant.

Next, think about a disaster recovery strategy to call on if multiple environments go down, like a hard data back-up or a code held by an actual person (like the CEO). You’ll also need to consider how quickly you can rebuild in a given recovery time objective (anywhere from a few hours to a week or more), which should be based around the frequency of your application updates.

– Harden your systems. To be best protected, you should ensure what you have in your system is all that’s needed to operate or provide that service – like a cyber security version of a minimum viable product. Ways to harden your system could include removing unnecessary drivers, using authenticating systems to grant access permissions, and additional file encryption for extra security.

3) Personal data

– Run regular updates. Don’t put off installing the latest version of iOS or updating your version of Windows. New software releases often contain patches for security holes and bug fixes, as well as adding new features to your devices. Updates should be installed across both software and hardware to provide the highest level of protection.

– Be cautious online. Never click a link, open an email or download a file from a suspicious or unfamiliar sender or website. It’s possible to infect your device simply by viewing a rogue website or clicking on a compromised message, so it pays to be wary.

– Use strong passwords and multi-factor authentication. You can discover password best practices for 2022 on our blog but as a general rule, for multi-factor authentication, the more verification points you need for a device, website or system, the more robust your cyber security will be against unethical hacking. For example, you might need a password and fingerprint to unlock your computer.

– Guard against malware. From regular virus scans to installing anti-malware or implementing a secure firewall, it’s all to help increase your device’s immunity and minimise the risk of infection and data compromise.

How can I plan for risk?

The better prepared you are for a range of attacks, the smaller the impact will be when a breach occurs. Planning for risk is an effective way of combating threats because your staff will know what to do in various scenarios, you’ll have contingencies and back-ups in place if the worst does happen, and ultimately, you’ll get up and running again much faster. All this can help you retain your business reputation and minimise any financial impact. 

We’d advise on three steps.

1) Train your teams

– Breed a culture of cyber security. When it comes to your business, everyone is responsible for cyber defence and for raising the alarm if and when a breach occurs – it’s not solely down to your IT department, infosec policy or board. Everyone should know their role and follow best practices to protect themselves, others and your wider organisation. Use engaging content to encourage people to keep your security policies front of mind, helping them exercise a natural caution in their daily working lives. 

– Raise awareness. Whether it’s risk planning for a potential breach or debriefing after an attack has occured, it’s key to communicate with your team. In the case of prevention, engage with your people in a way that’s relevant to them, and not focused on technology, frameworks or languages they don’t understand, have experience of, or find specific enough to their work. If an attack does happen, tell a story about what happened, how it was done, what it meant to your business and why it matters, so your staff can learn from it.

– Have an internal bounty. A reward or incentive can encourage your team to flag suspicious activities and potentially ward off an attack before the damage happens.

2) Create a clear incident response plan

When something goes awry or seems suspicious, your incident response programme should be something everyone knows like the back of their hands. Instead of a 20-page document, a side of paper with clear bullets on who’s responsible for what, how to escalate concerns and how to keep communication channels open is key. 

You could also try a visual (like a poster) or use a different medium (such as video) to give a clearer snapshot. Whatever it is, keep it fun and accessible, and have it as the top link on your team intranet. Then, just like with team training, reward the behaviour you want to see. It’s far cheaper than handling the fallout from a breach — and the hassle that comes with it.

3) Run regular fire drills 

So, your team knows about building exits and the car park assembly point in a fire. Do they know what to do if a cyber criminal strikes? 

Cyber security fire drills help you spot who’s inactive and stressed versus who’s calm and productive. Like a football coach, you can then assess your team’s performance and work out where you need more action, control and communication for a future response. One word of warning, however: take care over false alarms. Often the result of badly-tuned services and altering mechanisms, they can run down your blue team outfits.

How else can I protect my business?

One thing we often highlight to businesses and individuals is the importance of our cyber community. We all have something to offer, and by coming together we can pool our knowledge and experience. There are so many ways to get involved:

–    Attend regular conferences and networking events

–    Reach out to others in similar roles

–    Speak or give back to the community (e.g. through how-tos)

–    Pick up the phone and ask for help

Ultimately, we’re all on the same side, fighting for the greater good and working to defend what matters to us. Don’t be afraid to ask for help.

Where does CovertSwarm come in?

At CovertSwarm, we’re a modern, offensive security partner for over 70 global brands and have knowledge, capabilities and insights that benefit every company from SMEs to mega enterprises.

Whether you need an informal chat, real-time assistance or a long-term partnership, our door’s always open. And, if we can’t help, we’ll know someone who can. As a strong voice in our cyber and IT community, we’re on your side – working to defend and support applications through the Ukraine crisis and beyond. See how we could help. 


[ad_2]

Source link

Tags: ""Succeeded His Business"", "Business Plan Loan Originayor, 2 Of Cups Business, 525 Business 5 Bankruptcies, Accounting Business Letter To Client, Bracken Business Communications Clinic, Business Account No Deposit, Business Administration Fafsa, Business Balance Sheet Explained, Business Card, Business Card Printing La Plata, Business Card To Secret Website, Business Cards Media Bar, Business Central Png, Business Coaching Site Cloudfront, Business Contract Lawyer 47201, Business Marketing Pearson Quizlet", Business Milleage Leager 18, Business Mobile Broadand Plans, Business Plan For Supplement Company, Disrupting Digital Business Harvard, Ffiec Business Continuity Templates, Gauge Ear Piercing Business, Good Openings For Business Letters, Holton Investment Business, Indiana Wesleyan University Business, Indianapolis Business Times, List Business In Search Engines, List My Business Yahoo, Lunch Susbcription Business Model, Morgan Hill Business Liocense Renewal, Nee Small Business Bill Signed, Negotiating Business Acquisitions Practical Law, Networking Trends Small Business, New Business In Shorewood Il, School Business Officer Being Unethical, Small Business Administration Mass, Small Business Comunity, Small Business Corporation South Africa, Small Business Depew Llc, Small Business Medical Offices Chicago, Small Business Office Lakewood Nj, Small Business Plans Verizon, Small Business Storage Array, Small Business Sucess Stories, South Florida Business Journal Twitter, Torrington Ct, United Business Tech Response Sla, United Domestic Business Food, Video Business Woman Bukkake, Ways To Improve Business Technologyreddit

Post navigation

73 Year Old Family Business. How She’s Leading It In Modern Times.
Patagonia CEO: Business Leaders Must Do Better to Protect Our Planet
May 2025
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  
« Apr    

Archives

Recent Posts

  • How China-US Trade Agreement Tariffs
  • How Financial Planning Meets Investing: The Perfect Combo
  • How to Create a Monthly Financial Plan That Works
  • Who Won the Biden Trump Debate: Experts Weigh In
  • Biden vs Trump Debate: Fact-Checking the Claims

BL

Tags

"Business Insurance Cover Coronavirus 5e Business Profit Ahron Levy Columbia Business School Att Business Login Business Consultant Certification Austin Business Letter With Logo Example Business Located Easy Location Business Platform Stocks Business Positions Seattle Business Regulation Legal Services Daystarr For Business Dimagi Business Development Toolkit Do Business Schools Accept Entreprenuers Enironmentall Friendly Business Ideas Eric Early Republican Business Owner Essec Business School Dean Essential Business To Remain Open Example Small Business Fall Winter Business Hours Template Fdot Woman Owned Business Certification First Business Women United States First Com Business Fixing A Damaged Reputation Business Florida Business Enforcement Free Small Business Communication Tool Law School Business Entity Outlines Mapping A Business Location Medical Business Trends Economics Mix Business And Personal Money Mlm Nit Small Business Legally New Business Agency Sales Questions Patricia Saiki Women'S Business 1990 Safety Business Proposal Sample Business Plan Entrepreneur School Business Administration Positions S Corp Business Deductions Search Tx Business Llc Sentextsolutions Business Cards Signs For Business On Roads Skype For Business Recording Capacity" Small Business Forums .Net Small Business Insurancr Tech Monkey Business Ttu Business Cards Template Turbotax Business Nys Forms

Partner Links

pypvaporisimo
hbogoactivate

links

Charting Success with Business Chartz
Surf the Code Wave Up

BR

quinoaagent
MirnaHeadlines

bp

backlinkplacement.com

Related Article

Business News

Who Won the Biden Trump Debate: Experts Weigh In

May 2, 2025
Anita Leslie
Business News

Biden vs Trump Debate: Fact-Checking the Claims

April 29, 2025
Anita Leslie
Business News

Tips to Choose the Best Business Web Hosting Platform

July 25, 2024
Anita Leslie
Business News

Facebook Small Business Marketing – How To Get More Traction

July 17, 2024
Anita Leslie
Copyright © 2025 businessroundtable
Theme by: Theme Horse
Proudly Powered by: WordPress

WhatsApp us