The cybersecurity community has reacted with criticism and concern to the Russia report, which was finally published today after a nine-month delay.
The heavily redacted report highlighted that the UK was a target for disinformation by Russia, and that “Russian influence in the UK in the new normal”. It also drew attention to failures to tackle the issue, with no one governmental organisation taking responsibility.
For some, the report has prompted considerable concern due to its level of redactions and lack of clarity on issues, such as the unanswered question of whether there was Russian interference in the Brexit referendum.
“Not only do the findings in the report smack of a lack of transparency, but it’s also confusing to the public and reeks of politics,” said Sam Curry, chief security office at Cybereason.
Others reacted with dismay at the lack of coordination between government departments on the issue.
“Cyber is a ‘complex landscape’ in the UK with numerous agencies involved in cyber defence – but it is not immediately clear how they all work together and complement one another, according to the report,” said Miles Tappin, vice president, EMEA of ThreatConnect.
“The lack of co-ordination and collaboration by organisations across the intelligence community is a grave concern and something that nation-state actors look to exploit.”
Russia report: Cybersecurity implications for businesses
While the Russia report focused on the behaviour and impact on the UK government, many members of the cybersecurity industry were quick to highlight potential issues for business, particularly given that organisations have been severely impacted by historic nation state-backed cyber campaigns, such as WannaCry.
“In light of the information uncovered by the Russia report, UK enterprises and governmental agencies should ensure that their existing security practices are enforced to the letter,” advised Michael Barragry, operations lead at Edgescan.
“State-sponsored cyberattacks are typically very well-resourced and can be planned in advance for months before they are executed.”
Barragry also said it was also possible that “Russian actors were already inside the network of several public and private organisations”, something that Matt Walmsley, EMEA Director at Vectra, agrees with.
“The report’s comments about observed Russian ‘pre-positioning’ activity highlights the need for detecting hidden threat behaviours inside enterprise IT networks before cyberattacks have a chance to spy, spread and steal,” said Walmsley.
“It’s a phenomenon we’ve seen in our own analysis from inside operators of critical national infrastructure. For example, attackers have tested and mapped-out attacks against energy and utilities networks for years.
“These slow, quiet reconnaissance missions involve observing operator behaviours and building a unique plan of attack. The attack that shut down Ukraine’s power grid in 2015 was reportedly planned many months in advance by skilled and sophisticated cybercriminals.”
Cybersecurity training remains vital
For companies that want to protect themselves, the advice is to be aware of the risk posed by poorly trained employees.
“Cybersecurity fears are evidently increasing, but the attack vectors used remain the same, with similar entry,” said Jake Moore, cybersecurity specialist at ESET.
“As we have seen with Twitter recently, social engineering is a widely used technique and can leave huge destruction in its wake. Hacking the human is still a very effective tool, and phishing email campaigns remain relentless. Constant training must be therefore be in place with an increased level of vigilance.
“Relying on security software alone will never protect you completely. The rest has to be security compliance carried out by the individual.”