May 21, 2018
This guidance outlines the security steps that organisations should take in response to an increased threat of cyber attack. It is aimed primarily at larger organisations, but the advice is relevant to anyone who feels their systems may be targeted by cyber attack.
Steps to take now include:
- undertake a readiness review: identify all available sources of logging, where those logs are stored, how long they are retained and who has access to them, and ensure that logging events are currently being generated;
- review protection strategies against Denial of Service attacks for key platforms, including websites and any digital services offered; and
- sign up to the Cyber Information Sharing Partnership (CiSP): this gives access to valuable threat information, from peers and official sources, all in a secure environment.
Steps to take in the coming weeks include:
- improve defences: the NCSC’s 10 Steps to Cyber Security gives a comprehensive overview of the areas that need to be considered when looking to improve the defensive position of an organisation’s IT system;
- improve detection capability: organisations should securely store and have ready access to logs. The NCSC recommends storing key identifying information for three months. It helps to store logs for longer if possible, as this gives greater capacity for analysing attacks that may have gone undetected for some time. The logs that should be stored will vary according to the details of an organisation’s IT estate; and
- improve response capability: review backup policies and ensure a systematic approach is implemented. The ability to recover the system from archived data should be tested.
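The readiness-review and log-retention points in the two lists above can be checked mechanically. The following is an added example, not part of the NCSC guidance: it reviews a log directory for whether events are still being written, how far back the logs reach, and whether files are readable by every local account. The 90-day and 24-hour thresholds, the use of file modification times as a proxy for event times, and the sample sources are assumptions.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

RETENTION_DAYS = 90  # assumption: "three months" read as 90 days
STALE_HOURS = 24     # assumption: a live source writes at least once a day


def review_log_source(directory, now=None):
    """Return readiness findings for one log directory (empty list = none)."""
    now = time.time() if now is None else now
    stats = [p.stat() for p in Path(directory).rglob("*") if p.is_file()]
    if not stats:
        return ["missing: no log files found"]
    findings = []
    # Is the source still generating events? Check the most recent write.
    newest_age_h = (now - max(s.st_mtime for s in stats)) / 3600
    if newest_age_h > STALE_HOURS:
        findings.append(f"stale: last write {newest_age_h:.0f}h ago")
    # How far back do logs reach? The oldest file's mtime is a lower bound.
    oldest_age_d = (now - min(s.st_mtime for s in stats)) / 86400
    if oldest_age_d < RETENTION_DAYS:
        findings.append(f"retention: logs reach back only {oldest_age_d:.0f}d")
    # Who has access? Flag files readable by every local account.
    exposed = sum(1 for s in stats if s.st_mode & stat.S_IROTH)
    if exposed:
        findings.append(f"access: {exposed} world-readable file(s)")
    return findings


def demo():
    """Build two constructed log sources in a temp dir and review both."""
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        # (source, file name, age in days, mode): all constructed sample data
        sample = [("web", "access.log", 0, 0o640),
                  ("web", "access.log.1", 120, 0o640),
                  ("vpn", "vpn.log", 10, 0o644)]
        for source, name, age_days, mode in sample:
            path = Path(root, source, name)
            path.parent.mkdir(exist_ok=True)
            path.write_text("constructed sample line\n")
            os.chmod(path, mode)
            os.utime(path, (now - age_days * 86400,) * 2)
        return {s: review_log_source(Path(root, s), now) for s in ("web", "vpn")}


if __name__ == "__main__":
    for source, findings in demo().items():
        print(source, findings or "ok")
```

A source that was deployed less than 90 days ago will also trigger the retention finding, so read that result alongside the system's commissioning date.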
Incidents should be reported to the NCSC 24/7 Incident Management team if the following applies:
- significant loss of data, system availability, or control of systems;
- unauthorised access to or malicious software present on IT systems.