National Cyber Security Centre warns organisations to act following Russia’s invasion of Ukraine


Following Russia’s further violation of Ukraine’s territorial integrity, the National Cyber Security Centre has called on organisations in the UK to bolster their online defences.

The NCSC – which is a part of Cheltenham-headquartered GCHQ – has urged organisations to follow its guidance on steps to take when the cyber threat is heightened.

While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences.

The guidance encourages organisations to follow actionable steps that reduce the risk of falling victim to an attack.

Writing in The Daily Telegraph, Lindy Cameron, chief executive of the National Cyber Security Centre, said: “The UK is closer to the crisis in Ukraine than you might think. While 2,000-odd miles separate us physically from their borders with Russia, that distance is much shorter in cyber space – and attacks targeting Ukraine’s digital infrastructure could be felt here in Britain.

“Cyber attacks do not respect geographic boundaries. On a daily basis, businesses in the UK are targeted by ransomware attacks from criminals overseas.

“Our advice sets out steps that can be taken by an organisation right now, including ensuring systems are patched, back-ups checked and effective incident response plans implemented. We are committed to helping people carry out this work in a smooth and considered way – while it’s important to act at pace, businesses need to ensure they fully understand the scope of the changes they may make.

:The NCSC website also has tools for boards to help them understand the real business risk they are exposed to through their cybersecurity posture. And if you haven’t tried out your incident response plans (or don’t have any yet), our free Exercise in a Box tool can help.

:We are urging organisations to accelerate plans to raise their cyber resilience in the longer term. Cyber threats will persist and now is the time to build greater resilience for the future. We don’t expect small businesses with no IT team to become cyber security experts overnight – the advice we have is proportionate to an organisation’s size.: