With increased cyber threats arising from the invasion of Ukraine by Russia, organisations are encouraged to bolster cyber defences to protect their devices, networks and systems.
In brief
The Singapore Computer Emergency Response Team (SingCERT), set up by the Cyber Security Agency of Singapore to facilitate the detection, resolution and prevention of cybersecurity-related incidents on the internet, has issued a list of measures that organisations should adopt to ensure proper cyber hygiene controls are in place and operating correctly.
SingCERT’s advisory is issued on the basis of warnings of increased cyber threats globally arising from the recent cyberattacks on Ukraine and the developments in the invasion of Ukraine by Russia.
These fundamental steps, summarised below, are intended to strengthen an organisation’s defences against possible cyberattacks, such as web defacement, distributed denial of service and ransomware.
Recommended actions
To ensure fundamental cybersecurity measures are in place, SingCERT recommends the following actions:
Secure Systems and Network Infrastructure
- Ensure that multifactor authentication is required for all remote/privileged/administrative access to the organisation’s network.
- Update systems, applications and software to the latest version and download the latest security patches.
- Disable all ports and protocols that are not essential for business purposes.
- Install anti-virus software and keep the software (and its virus definition files) updated. Perform a scan of the systems and networks at least once a week and scan all received files.
- Implement strong access controls if using cloud services.
Monitor Network Connections and Review System Logs to Quickly Detect a Potential Intrusion
- Enable logging of system events to facilitate investigation of suspicious events or issues.
- Enable user access logging and consider using a Security Information and Event Management appliance for aggregation and monitoring of logs to maintain visibility even after logging periods.
- Actively review both Active Directory sign-in logs and unified audit logs for unusual activity.
- Closely monitor inbound and outbound network traffic for suspicious communications or data transmissions.
Prepare for Ransomware Attacks
- Organisations should be on the lookout for potential ransomware attacks, one of the most common attacks conducted by threat actors. Falling victim to such attacks will adversely impact the operations and business continuity of any organisation.
Prepare Incident Response and Business Continuity Plans
- Back up data regularly and ensure that backups are isolated from network connections.
- Establish and validate an incident response and management plan.
- Ensure that critical business functions remain operable if the network becomes unavailable.
Source: SingCERT
Organisations with more resources available should also consider taking advanced actions recommended by the UK National Cyber Security Centre guidance, which includes:
- Reprioritising resources and investment to accelerate cybersecurity improvement plans
- Revisiting key risk-based decisions and validating whether the organisation is willing to continue to tolerate those risks or to invest in remediation or accept a capability reduction
- Assessing whether it is appropriate to accept a temporary reduction in functionality (e.g., high-risk system functions such as rich data exchange from untrusted networks)
- Taking a more aggressive approach to patching security vulnerabilities, accepting that this may have an impact on services
- Considering delaying any significant system changes that are not security-related
- Extending the operational hours of the organisation’s operational security team or having contingency plans in place to scale up operations quickly if a cyber incident occurs
- Procuring threat feeds for systems that take automated action or notifications based on threat intelligence
Organisations that are affected by a cyberattack or have evidence of any suspicious compromise of their networks should consider reporting the incident to SingCERT, using the Cyber Incident Reporting Form.
© 2022 Baker & McKenzie.Wong & Leow. All rights reserved.