Amid escalating geopolitical tensions and rising cyber risk, it is crucial for organisations to enhance their cybersecurity posture. Cyberattacks offer adversaries a low-risk, high-impact means to disrupt business operations and national infrastructure. Companies must proactively prepare to safeguard their digital assets, reputation, and revenue from increasingly sophisticated cyber threats.

In conflict situations, cyberwarfare becomes an attractive strategy for adversaries, inflicting maximum damage at minimal cost and risk. Organisations should anticipate increased volumes of targeted phishing, ransomware, nuisance-oriented attacks (such as website defacement), and Distributed Denial of Service (DDoS) attacks aimed at crippling online services and negatively impacting public perception and revenues.

Here is an actionable checklist of cybersecurity measures to prioritise immediately (if not already taken care of!)

Web Application Firewalls (WAF)

Web applications are often initial targets due to inherent vulnerabilities from insecure coding practices. Deploying and configuring a cloud-based WAF helps protect against OWASP Top 10 vulnerabilities, alerts against website defacement, and secures APIs. Essential for all organisations hosting critical applications online.

DDoS Protection

DDoS attacks can severely disrupt your business operations. Although it can be challenging to measure the effectiveness of protective services beforehand, enabling DDoS protection via your ISP or a reputable cloud provider is a fundamental defensive measure.

Multi-factor Authentication (MFA)

Today’s hackers typically infiltrate systems using stolen credentials rather than traditional network breaches. MFA significantly reduces the risk associated with credential theft, making unauthorised access substantially harder for cybercriminals.

Robust Backup Solutions

Reliable backups represent the ultimate fail-safe when cybersecurity measures fail. Ensure comprehensive coverage for all critical systems and regularly test your restoration processes to guarantee effectiveness when it matters most.

Restrict Administrative Access

Conduct regular audits of administrative privileges, ensuring only essential personnel have access. Limiting admin rights is a recommended practice that mitigates potential internal risks irrespective of external threat levels.

External Attack Surface Management (EASM)

Digital footprints are dynamic, with new vulnerabilities continuously emerging. Traditional vulnerability assessments or penetration tests, typically conducted semi-annually, may miss critical emerging threats. Implementing a proactive EASM solution enables continuous monitoring for leaked credentials, code/data on dark web marketplaces, and brand impersonation attempts. With no onsite installation needed, organisations can quickly adopt EASM to promptly address potential threats.

Incident Response Plan

Develop and regularly rehearse incident response procedures to swiftly manage and contain cybersecurity incidents.

Security Awareness Training

This is as good a time as any to conduct targeted training for employees on recognising phishing attempts and practising safe online behaviour.

By proactively strengthening their cybersecurity measures during periods of heightened risk, organisations can effectively safeguard their operations and maintain trust among customers, employees, and stakeholders.