The National Cyber Security Centre (NCSC) previously published guidance related to the use of cloud-enabled products when the supply chain includes hostile nation states, such as Russia. Government national security departments were advised to ensure they weren’t using Russian products, like Kaspersky antivirus software. The NCSC is expanding this guidance amid the Russian invasion of Ukraine. The following organisations should reconsider the risks involved in using Russian software:
· Public sector organisations not covered by the original 2017 NCSC guidance
· Organisations providing services to Ukraine
· High-profile organisations that—if compromised—could represent a public relations ‘win’ for Russia
· Organisations providing services related to critical national infrastructure
· Organisations doing work that could be seen as being counter to Russia’s interests, making them retaliatory targets.
Furthermore, because the Ukraine invasion has increased cyber-threats in general, the NCSC recommends that all organisations ensure they have the fundamentals of cyber-security in place to protect their devices, networks, and systems. For more information, visit the NCSC website.