The UK’s National Cyber Security Centre (NCSC) has issued guidance to information security teams on how to maintain strong digital defences amid an “extended period of heightened threat”.
It comes as the organisation’s concerns grow over the well-being of the nation’s cyber practitioners who are having to keep resilient cyber defences as a result of the ongoing kinetic and cyber war between Russia and Ukraine.
The cyber authority has listed several measures UK businesses and organisations can take to ensure their security experts remain happy, healthy, functional, and efficient throughout the period of ongoing conflict.
The first is to ‘get the basics right’ - ensuring the basic cyber hygiene controls within a business are enabled. These include checking for software patches, verifying access controls, and enabling comprehensive logging and monitoring systems. The full list of ‘basics’ is laid out in a separate NCSC article.
Many organisations took risk-based decisions at the start of the conflict to introduce additional temporary defences. Now that the conflict appears to be a long-term threat, these decisions should be revisited to ensure the security environment is equipped for battle in the long term.
Re-assessing the workloads of every member of the team should also be considered, the NCSC said. To free up space for leaders to tackle other priorities, it could be effective to empower frontline staff to take on additional decision-making responsibilities, and could even lead to more agile responses that are informed by the experiences of those on the front line.
Additional responsibilities should be weighed evenly throughout the wider team though, to prevent burnout and increase development opportunities for all involved.
Taking regular breaks and encouraging staff to lean on each other for emotional support, providing they feel comfortable doing so, are also advisable strategies to manage the prolonged period of conflict, said the NCSC.
What are the NCSC’s main concerns?
The IT industry is steeped in notoriety for the prevalent burnout experienced by workers across many branches of the industry and the NCSC said there is an increased risk of cyber professionals suffering from the condition.
Longer hours, taking fewer breaks, and dealing with additional threat vectors on top of the usual adversarial threats that are expected in the cyber security industry are all contributing to increased workload across teams.
RELATED RESOURCE
Securing endpoints amid new threats
Ensuring employees have the flexibility and security to work remotely
Some staff are also involved in round-the-clock monitoring or being required to be on-call for emergencies which can limit the ‘downtime’ they can enjoy away from work. By promoting a work culture that encourages breaks and rest, rather than a total focus on work and preparedness, is one way cyber security teams can manage the prolonged workload brought by the ongoing cyber war.
“Cyber security teams were already under mounting pressure in the months leading up to the invasion of Ukraine: handling a global pandemic, a rise in ransomware attacks and the Log4j vulnerability, alongside the usual levels of ongoing malign cyber activity,” the NCSC said.
“These extended periods of intense pressure on cyber security teams raise the risk of poor wellbeing and even burnout, with a potential associated rise in unsafe behaviours and errors. Staff welfare is a critical component of an organisation’s security and resilience.”
What is an extended period of heightened threat?
Cyber security is an often unrelenting role that requires high levels of vigilance at all times. The number of cyber security threats faced by businesses continues to rise each year and the ongoing cyber war between Russia and Ukraine is presenting additional requirements for the job.
An extended period of heightened threat typically involves two phases, the NCSC said: an acute phase where organisations scramble to implement temporary defences at the start of a conflict and a protracted phase when a strengthened security posture should be maintained as conflict continues.
The UK is now in the protracted phase which is where the complications and concerns over experts’ welfare have become increased.
“Over time, the cyber threat may come down again, but it is unlikely to return to the previous baseline,” said the NCSC.
“Organisations might maintain aspects of their strengthened posture for the long term, in response to a changed threat landscape. The NCSC will continue to issue guidance to help organisations assess the level of the cyber threat.”
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
ASUS, Cisco, Netgear devices exploited in ongoing Chinese hacking campaignNews Critical national infrastructure is the target of sustained attempts from state-sponsored hackers, according to Five Eyes advisories
-
Off-the-shelf ransomware is spurring a new era in the Ukraine warNews Experts agreed Russian forces could be overwhelmed, forced to use less sophisticated tools to meet the regime's demands
-
NCSC: “New class” of Russian cyber attackers seek to destroy critical infrastructureNews The cyber threat has been raised due to the heightened risk of ideologically driven cyber attacks from Russia-aligned adversaries
-
NCSC warns UK under state-sponsored spear-phishing attacks from Russia and IranNews The acceleration in spear-phishing campaigns last year coincided with the escalating conflict in Ukraine, according to the NCSC
-
NCSC founder details 'biggest regret' in underestimating organised cyber crimeNews In a rare public address, Martin also detailed his proudest achievement and how the idea for the NCSC came to be
-
Second Singtel subsidiary breach in a month sees customer and client data leakedNews The incident at Singtel subsidiary Dialog follows the earlier breach at Singtel-owned Optus, Australia's second-largest telco
-
UK, US condemn Iran for ‘unprecedented’ cyber attack against AlbaniaNews The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
-
Cyber attack on software supplier causes "major outage" across the NHSNews Unconfirmed reports suggest the attack may be ransomware-related, while the NHS contends with disrupted services on the 111 non-emergency line
