Call us +44 (0) 1534 626830
Home News JFSC / CERT / NCSC warning about raised cyber threat following the invasion of Ukraine
News
Print Article

JFSC / CERT / NCSC warning about raised cyber threat following the invasion of Ukraine

03/03/2022

The JFSC cyber risk update provides information on:-

  1. Jersey's Cyber Emergency Response Team (CERT) statement of imminent cyber risk
  2. The availability of The UK's National Cyber Security Centre [NCSC's] Early Warning Service available to all Jersey-based organisations
  3. Suggestion to Register for updates from CERT.JE via their newsletter for information if the risk situation develops.
  4. Suggestion for all firms to Inform CERT.JE of any unusual cyber activity
  5. Reminder and operation of Critical Cyber Security Controls

Starts

  • The JFSC has reissued a statement from Jersey's Cyber Emergency Response Team (CERT) [https://cert.je/]
  1. Jersey's Cyber Emergency Response Team has been closely monitoring recent developments in Ukraine, including a series of cyberattacks in January and February 2021.
  2. These attacks have included both distributed denial of service attacks (DDoS) and malware designed to render information systems inoperable.
  3. Several of these attacks have been attributed by UK and US authorities to Russia's Main Intelligence Directorate (GRU).
  4. Whilst there no evidence of a specific threat to Jersey organisations, there has been an historical pattern of cyber-attacks on Ukraine with international consequences and local organisations are asked to prepare for an increase in malicious cyber activity.
  5. Similar warnings have been issued by other national cyber authorities including NCSC (UK) and CISA (USA).
  6. Such attacks are likely to be followed by an increase in criminal or hacktivist (cyber activist) led cyber- attacks.
  7. We are currently tracking follow-on cyber activity targeted primarily at government bodies, financial services, critical infrastructure and their direct supply chains.
  8. The situation is increasingly unpredictable and this raised threat level is likely to persist.
  9. Jersey based organisations operating in the financial services, government and public services, professional services and critical infrastructure sectors are therefore strongly encouraged to take the following immediate steps to minimise the risk of a successful cyber-attack. The below advice is also appropriate for organisations outside these sectors as cyber-attacks can be indiscriminate.
  • AWARENESS AND ALERTING AND REGISTER FOR NCSC'S EARLY WARNING SERVICE.
    1. We have confirmed that NCSC will make NCSC's Early Warning Service available to all Jersey based organisations.
    2. This provides alerts when intelligence suggests your network or systems may be compromised.
  • REGISTER FOR NCSC'S CYBER INFORMATION SHARING PORTAL (CISP) –
    1. Channel Islands node to receive and share intelligence on potential or actual attacks.
    2. JE will sponsor applications for CiSP from Jersey based organisations following a request to hello@cert.je.
    3. Register for updates from CERT.JE via our newsletter or social media (twitter and LinkedIn) so we can inform you quickly if the situation develops.
  • REPORT UNUSUAL CYBER ACTIVITY VIA CISP
    1. Inform CERT.JE of any unusual cyber activity via
  • OPERATION OF CRITICAL CYBER SECURITY CONTROLS
  1. Ensure that good cyber hygiene practices are followed consistently and internal controls are assessed against a recognised framework such as
  • CyberEssentials Plus,

NIST CSF,

NCSC's Common Assurance Framework or ISO 27001.

Follow guidance from NCSC on actions to take when the threat level is heightened.

Ensure patching is up to date on all systems, including device firmware, with a particular focus on core IT infrastructure and externally facing systems.

Ensure externally facing services such as websites are protected from Distributed Denial of Service (DDoS) attacks by implementing cloud-based DDoS protection services.

Implement multifactor authentication (MFA) for all accounts and operate additional controls to secure highly privileged accounts.

Ensure employees are aware of good cyber hygiene practices, including the use of multifactor authentication for personal accounts.

Incident Readiness & Response Planning

  1. Ensure cyber incident response plans are reviewed and tested on a regular basis.
  • Ensure backup data is effectively segregated and undertake test restores on a regular basis.

Sources

JERSEY

The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more

Gallery

View our latest imagery from our news and work

Find out more

Contact

Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.  

×

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.  

news disclaimer -

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.