The ever-present cyber threat and the benefits of threat intelligence

Now is not the time for complacency when it comes to cyber security, warns the National Cyber Security Centre (NCSC) .

Cyber-security is part of Russia’s military doctrine, and whilst the UK has remained relatively unscathed to date, the impact of cyber activity against Ukrainian targets are being felt around the world. For example, Russia was behind a recent cyber-attack on a global communications company, which affected wind farms and internet users across Central Europe.

As a result, the NCSC is encouraging all organisations to respond by maintaining a strengthened cyber-posture.

The insurance market is currently reviewing wording and covers in the light of these threats – speak with your insurance adviser if you have any concerns regarding your cover.

Case study: NHS ransomware attack
The ransomware attack on the NHS on 4 August 2022 caused widespread outages across its network. The target of the attack was IT company, Advanced, a software provider that serves multiple NHS departments. Services affected by the cyber-attack included patient referrals, ambulance dispatch, out-of-hours appointment bookings and mental health services.

In this particular ransomware attack, seven of the NHS’ software systems were taken offline.

One affected software system, Adastra, enables clinicians to record medical information online and send this to a patient’s GP. While Adastra has been offline, staff were writing medical notes on paper. Doctors predict it could take months to input the growing backlog of patient records once Adastra is restored.

Advanced have reported that the London and South Central Ambulance Services have since been reconnected to their system; other users will be brought back online on a rolling basis. However, it could take up to 12 weeks to get all services fully functional.

It’s unknown if the NHS has presently engaged with the cyber-criminals’ demands.

Currently, no group has been identified as the attacker.

The benefits of threat intelligence
Such an attack demonstrates how devastating ransomware attacks can be and how long they can take to recover from, even when targets are third-party vendors. Therefore, it’s vital for businesses of all types and sizes to implement a comprehensive cyber incident response plan to mitigate any fallout from potential cyber-attacks.

Threat intelligence (TI) refers to data that is collected, processed and analysed to understand a threat actor’s motives, targets and attack behaviours. Through TI, organisations can analyse both previous cyber-attacks and potential sector specific future threats, thus adopting a proactive approach to cyber-security. For example, the threats to a financial services company will differ to a construction company.

By gathering TI data, your business can bolster its cyber-defences, safeguard key assets and stay one step ahead of cyber-criminals.
With a multitude of TI platforms available, it’s important to adopt the strategy that’s appropriate for your business. TI can help organisations as part of an overall cyber risk management program. Another key step to take is risk assessment to pinpoint weaknesses, implement mitigation measures and close off entry points for threat actors.

If you’d like to understand the cyber threats to your business, talk to our team.