
Five Steps MOD Organisations Can Take to Help Guard Against the Next Cyberattack

Paul Parker, Chief Technologist, Federal & National Government, SolarWinds, provides his insight into the steps organisations should take to protect against an ever-evolving cyber threat.

The devastating impact of the WannaCry attack on the NHS in May last year marked a turning point in the UK public sector's approach to cyber security. NHS England published a 'lessons learned review', and the government's Cyber Essentials scheme (launched in 2014) sets out the fundamental technical controls that organisations should have in place to defend against common threats. It is indicative of a government that has come to regard cyber attacks as 'the new normal': no longer 'potential' threats, but a routine occurrence that must be dealt with according to standard protection processes.

Of particular concern is the security of defence organisations and critical infrastructure. These systems are increasingly connected and digitised; while that brings real gains in safety and efficiency, it also widens the attack surface and with it the risk of cyber attack.

The MOD has been at the forefront of national defence since its foundation, but cyber defence is a rapidly evolving challenge, and there is a lot that MOD agencies can do to develop and maintain a security posture that supports it. The best form of defence is preparation: proactively strengthening network defences in anticipation of the next threat rather than reacting to it.

Here are five steps that can be taken to help achieve this:

 

1) Proactively identify and eliminate vulnerabilities  

Better visibility and understanding of the devices on the network is key to good cyber security preparation. Organisations can achieve this by maintaining up-to-date device whitelists or known-asset inventories and comparing the devices detected on the network against them. A device that is not on the list can then be blocked, quarantined or investigated, rather than silently tolerated.

Legacy hardware and software may have security holes that can no longer be patched. Identifying these assets and updating or replacing them with modern systems built for today's threat environment is usually more cost-effective, and more secure, than trying to maintain the old ones. Not every legacy system can be replaced easily, so there should be a network isolation strategy to contain the otherwise insecure: segment them, restrict which hosts can reach them, and monitor the boundary. That said, new systems also need due caution; in response to an FOI request earlier this year, the MOD cited security and compliance concerns as one of the barriers its agencies face to public cloud adoption. A realistic, if cautious, assessment of any technology against the required security standards before deployment is essential.
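The two checks described above (is this device known, and is an unsupported legacy asset sitting outside its isolated segment?) are easy to automate once an inventory exists. The following is an added example, not code from the article or from SolarWinds: the inventory and the observed-device list are constructed sample data, and the field names, the `*-isolated` segment naming convention and the end-of-support dates are assumptions for illustration.

```python
"""Reconcile devices seen on the network against a known-asset inventory.

Added example (not from the article). INVENTORY and OBSERVED are constructed
sample data; in practice they would come from the CMDB and from DHCP leases,
switch MAC tables or a network scanner. Field names are assumptions.
"""
from dataclasses import dataclass
from datetime import date
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Asset:
    mac: str             # MAC address in any common notation
    hostname: str
    owner: str
    support_ends: date   # vendor end-of-support date for the platform
    segment: str         # network segment / VLAN the asset is allowed on


# Constructed inventory (hypothetical hosts).
INVENTORY = [
    Asset("00:1a:2b:3c:4d:01", "ws-ops-01", "ops", date(2025, 10, 14), "corp"),
    Asset("00:1a:2b:3c:4d:02", "hmi-legacy-07", "estates", date(2014, 4, 8), "legacy-isolated"),
    Asset("00:1a:2b:3c:4d:03", "plc-gateway-2", "estates", date(2014, 4, 8), "corp"),
]

# Constructed observations: (mac as reported, ip, segment it was seen on).
OBSERVED = [
    ("00:1A:2B:3C:4D:01", "10.1.10.5", "corp"),
    ("00:1a:2b:3c:4d:03", "10.1.10.77", "corp"),
    ("00-1a-2b-3c-4d-99", "10.1.10.120", "corp"),   # not in the inventory
]


def normalise_mac(mac: str) -> str:
    """Canonical lower-case colon form so '00-1A-..' and '00:1a:..' compare equal."""
    hexdigits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def reconcile(inventory: Iterable[Asset], observed: Iterable[Tuple[str, str, str]],
              today: date) -> dict:
    """Return four findings lists: devices not in the inventory, out-of-support
    assets seen outside an isolated segment, assets on the wrong segment, and
    inventory entries not seen at all (stale records or powered-off kit)."""
    by_mac = {normalise_mac(a.mac): a for a in inventory}
    seen = set()
    unknown: List[tuple] = []
    unsupported_exposed: List[tuple] = []
    wrong_segment: List[tuple] = []
    for raw_mac, ip, segment in observed:
        mac = normalise_mac(raw_mac)
        asset = by_mac.get(mac)
        if asset is None:
            unknown.append((mac, ip, segment))
            continue
        seen.add(mac)
        if segment != asset.segment:
            wrong_segment.append((asset.hostname, segment, asset.segment))
        # An asset past vendor support is tolerated only inside an isolated segment
        # (assumed convention: isolated segments are named '*-isolated').
        if asset.support_ends < today and not segment.endswith("isolated"):
            unsupported_exposed.append((asset.hostname, ip, asset.support_ends.isoformat()))
    not_seen = sorted(a.hostname for m, a in by_mac.items() if m not in seen)
    return {
        "unknown": unknown,
        "unsupported_exposed": unsupported_exposed,
        "wrong_segment": wrong_segment,
        "not_seen": not_seen,
    }


def run_sample() -> dict:
    """Run the reconciliation over the constructed data with a fixed 'today'."""
    return reconcile(INVENTORY, OBSERVED, date(2018, 9, 1))


if __name__ == "__main__":
    for finding, items in run_sample().items():
        print(f"{finding}: {items}")
```

On the sample data this reports one unknown device, the PLC gateway as an out-of-support asset exposed on the corporate segment, and the isolated HMI as not seen. The "not seen" list matters as much as the others: an inventory that drifts from reality is the first thing an attacker's rogue device hides behind.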

 

2) Update and test security procedures  

Security drills are nothing new for MOD agencies and contractors, and cyber security should be no exception. The US Department of Homeland Security's biennial Cyber Storm exercise series is a good example: it puts participants through a series of scenarios designed to improve their cyber incident response capability.

It is equally important to test on a smaller scale and to monitor performance under simulated attack. It is good practice to test each time a new technology is added to the network, and teams should update and test their security plans and strategies frequently. In short: verify, then trust. An untested disaster recovery plan may turn out to be its own catastrophe.

 

3) Prioritise education 

A lack of training is a risk in itself if IT professionals do not know the technologies and mitigation strategies that can protect their organisations. The Cyber Essentials scheme can help here. It offers three levels of engagement: knowledge of the controls, certification (Cyber Essentials, based on a verified self-assessment) and enhanced certification (Cyber Essentials Plus, which adds independent testing), helping IT teams understand their needs and establish a set of standards for the organisation.

Once these standards are in place, senior leadership must reinforce them consistently, whether through weekly meetings, quarterly check-ins, reports or other means. That baseline level of knowledge helps those on the cyber security front line understand what is at stake and where to focus their efforts.

It is also sensible to invest in continuous user training to keep the team effective. This includes training on the security tools in use, but it may also cover sessions on the latest malware, attacker tactics, or the dangers posed by insiders.

 

4) Take a holistic view of everyone’s roles 

Too often, organisations hire individuals with specialised skill sets who then focus only on their own role. A network manager might worry about network penetration testing, for example, while the anti-malware team worries about the next WannaCry ransomware outbreak.

These days, no one can afford to operate in isolation when it comes to digital threats: security is everyone's job. Managers must build a culture of information sharing among team members, and the onus is on everyone, regardless of job description, to be vigilant and to look out for warning signs.

5) Implement the proper procedures for when an attack happens 

Attacks will inevitably happen and, while there are many mechanisms and techniques available in response, it is essential that everyone has the right tools and that those tools work in concert. A single next-generation firewall, for instance, is valuable but will not by itself catch data exfiltration tunnelled over DNS: the traffic looks like ordinary resolver queries unless the query names, types and volumes are actually inspected.
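To make the DNS point concrete, here is the kind of check a monitoring tool (or an analyst's script over the resolver logs) needs in order to see what a firewall passes as legitimate traffic. This is an added example and not code from the article or from SolarWinds. The log lines are constructed to resemble BIND-style query logging; the thresholds, the naive "last two labels" rule for the registered domain, and the domain names are assumptions for illustration (a real deployment would use the Public Suffix List and baselines tuned to its own traffic).

```python
"""Flag DNS-tunnelling style exfiltration in resolver query logs.

Added example (not from the article). LOG_LINES is constructed sample data in a
BIND-like query-log format; thresholds and the two-label registered-domain rule
are simplifying assumptions.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample: two ordinary clients and one host sending many unique,
# long, high-entropy subdomains as TXT queries to a single domain.
LOG_LINES = """\
01-Sep-2018 10:00:01.101 client 10.1.10.5#49152: query: www.gov.uk IN A + (10.1.1.53)
01-Sep-2018 10:00:01.340 client 10.1.10.5#49153: query: mail.example.test IN MX + (10.1.1.53)
01-Sep-2018 10:00:02.005 client 10.1.10.77#5353: query: 3e9f1c0a77b2d4e6f8a1c3b5d7e9f0a2.t.cdn-sync.test IN TXT + (10.1.1.53)
01-Sep-2018 10:00:02.210 client 10.1.10.77#5353: query: 00000000000000000000000000000001.t.cdn-sync.test IN TXT + (10.1.1.53)
01-Sep-2018 10:00:02.417 client 10.1.10.77#5353: query: 5c2b9e7d1f4a8c3e6b0d9f2a4c7e1b3d.t.cdn-sync.test IN TXT + (10.1.1.53)
01-Sep-2018 10:00:02.623 client 10.1.10.77#5353: query: 9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d.t.cdn-sync.test IN TXT + (10.1.1.53)
01-Sep-2018 10:00:02.830 client 10.1.10.77#5353: query: ffffffffffffffffffffffffffffffff.t.cdn-sync.test IN TXT + (10.1.1.53)
01-Sep-2018 10:00:03.040 client 10.1.10.77#5353: query: 13579bdf02468ace13579bdf02468ace.t.cdn-sync.test IN TXT + (10.1.1.53)
01-Sep-2018 10:00:03.250 client 10.1.10.5#49154: query: www.gov.uk IN AAAA + (10.1.1.53)
"""

QUERY_RE = re.compile(
    r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

# Record types commonly abused by tunnelling tools because they carry large answers.
TUNNEL_TYPES = {"TXT", "NULL", "CNAME"}


def shannon_entropy(s: str) -> float:
    """Bits per character; random hex sits near 4.0, words well below 3.5."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(name: str):
    """Return (subdomain, registered_domain) using a naive last-two-labels rule
    (assumption: a real tool would consult the Public Suffix List)."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def analyse(lines: str, min_unique: int = 5, min_mean_len: float = 20.0,
            min_entropy: float = 3.5) -> dict:
    """Per (client, registered domain): count unique subdomains, their mean
    length and entropy, tunnel-friendly record types and bytes carried in
    query names. Mark the pair suspicious when many unique subdomains are
    combined with long or high-entropy labels."""
    stats = defaultdict(lambda: {"subdomains": set(), "queries": 0, "tunnel_types": 0, "bytes": 0})
    for line in lines.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        sub, dom = split_name(m["name"])
        st = stats[(m["ip"], dom)]
        st["queries"] += 1
        st["bytes"] += len(m["name"])
        st["subdomains"].add(sub)
        if m["qtype"].upper() in TUNNEL_TYPES:
            st["tunnel_types"] += 1
    findings = {}
    for key, st in stats.items():
        subs = st["subdomains"]
        mean_len = sum(len(s) for s in subs) / len(subs)
        ent = shannon_entropy("".join(s.replace(".", "") for s in subs))
        suspicious = len(subs) >= min_unique and (mean_len >= min_mean_len or ent >= min_entropy)
        findings[key] = {
            "queries": st["queries"],
            "unique_subdomains": len(subs),
            "mean_subdomain_len": round(mean_len, 1),
            "entropy": round(ent, 2),
            "tunnel_types": st["tunnel_types"],
            "bytes_out": st["bytes"],
            "suspicious": suspicious,
        }
    return findings


def suspicious_sources(lines: str):
    """Sorted (client ip, domain) pairs that tripped the heuristic."""
    return sorted(key for key, f in analyse(lines).items() if f["suspicious"])


if __name__ == "__main__":
    for key, f in analyse(LOG_LINES).items():
        print(key, f)
    print("suspicious:", suspicious_sources(LOG_LINES))
```

Only the client sending six distinct 34-character subdomains to one domain is flagged; the two ordinary clients never reach the unique-subdomain threshold. Note that one of the tunnelled labels is deliberately low-entropy, which is why the rule keys on the count of unique subdomains first and treats length or entropy as corroboration: a single indicator is easy for an attacker to shape around.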

To help protect MOD agencies, a suite of solutions that can accurately detect anomalies originating both inside and outside the network is beneficial. These should include standard network monitoring and firewalls. Organisations may also want to consider automated patch management, user device tracking, access management and other measures that together provide true defence in depth.

Most important of all is developing and routinely testing the emergency response plan. Just as the UK Fire and Rescue Services practise fire response and life-saving, MOD organisations should practise their network breach response. It is hard to learn how to extinguish a fire on the fly.

The good news is that when an attack does occur, MOD agencies and contractors can use the insight gained from the incident to learn, refine and prepare for the next one. The proactive defence cycle outlined here should then start afresh, so that when another threat rears its head (and it will) the MOD is better equipped to meet it head on.


The post Five Steps MOD Organisations Can Take to Help Guard Against the Next Cyberattack appeared first on Defence Online.

 
