Ukrainian banking and government websites were knocked offline last week by a spate of distributed denial of service (DDoS) attacks, which are designed to crash sites by bombarding them with excessive requests at the same, causing server overloads and shutdowns.
UK and US governments claim the attacks were carried out by Russian-backed military hackers – prompting concerns from the Home Office and GCHQ that a similar virtual onslaught could be attempted in a bid to disrupt businesses and cripple Britain.
Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure, said: “Businesses should make themselves as hard to hack as possible at all times – but more so than ever.
“From a strategic perspective, there is a significant risk that Russia may seek to create instability within western countries and, specifically, the UK as a means to distract focus and attention away from the situation in Ukraine and onto closer, acute problems at home.
“In this day and age, this is easier to achieve virtually by means of cyber attacks. To achieve instability and distraction, we may find attacks targeting services that we rely on heavily on a day-to-day basis, such as health, banking, utilities, water, transport infrastructure and supply chains.
“Critical national infrastructure should be relatively hardened to attacks and they will, more than ever, be at a heightened state of vigilance. The attackers know this and, therefore, may be looking to find less obvious routes to target these institutions – potentially through suppliers, which are typically easier to hack.”
How to protect your business from a cyber attack
Mike said: “No business will want the association or ignominy of being the weakest link. While a security programme cannot be established overnight, the best time to start is today. In the interim, heightened vigilance and discipline is critical to defending against a cyber attack.
“At minimum, businesses should consider resetting passwords in case they have already been breached and are enabling access to web portals and email accounts, as well as remind employees to think twice before opening or clicking links on any suspicious emails.
“Multi-factor authentication – which requires users to provide two or more verification factors to gain access to a resource – should be implemented wherever possible, and software upgrades and patches should be up to date.
“Businesses should also dust off, review and rehearse incident respond plans so they know how to react swiftly to any attack and are able to minimise its potential scope and scale. Finally, ensure all critical information is backed-up off network in case of a ransomware attack.”