The UK’s National Cyber Security Centre (NCSC) has teamed up with international allies to issue guidelines on how organizations can stay safe from malicious cyber-actors.
The joint cybersecurity advisory "Technical Approaches to Uncovering and Remediating Malicious Activity" was published today in conjunction with the US’s Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre, the New Zealand National Cyber Security Centre and CERT NZ, and the Canadian Communications Security Establishment.
Contained within the advisory are a series of technical approaches that organizations can take to protect their most critical digital assets. The approaches, which are based on best practices, can help to uncover malicious activity and mitigate attacks, if followed.
NCSC director of operations Paul Chichester described cybersecurity as a "global issue that requires a collaborative international effort."
“This advisory will help organizations understand how to investigate cyber incidents and protect themselves online, and we would urge them to follow the guidance carefully," said Chichester.
“Working closely with our allies, and with the help of organizations and the wider public, we will continue to strengthen our defenses to make us the hardest possible target for our adversaries.”
Key takeaways from the advisory include a recommendation to respond to any potential cyber-incidents by first collecting relevant artifacts, lots, and data and removing them for further analysis.
Organizations were further advised to avoid tipping off any cyber-adversaries that their presence had been detected on the network and to contemplate seeking help from a third-party IT security organization.
CISA director Chris Krebs said that the joint alert was the first of its kind issued by CISA since the organization was formally established in 2018 and was something that he had "aimed for since day one."
“With our allied cybersecurity government partners, we work together every day to help improve and strengthen the cybersecurity of organizations and sectors of our economy that are increasingly targeted by criminals and nation states alike," said Krebs.
“Fortunately, there's strength in numbers, and this unified approach to combining our experiences with a range of malicious actors means that we're able to extend our defensive umbrella on a global scale.”