Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

How the War in Ukraine Affects Companies Across the World

cyber attacks and Ukraine crisis

about the author

Share this post

The invasion of Ukraine is showing the world the meaning of a ’hybrid war’. The term was created by ​Frank Hoffman, to describe a war that takes place across multiple fronts: conventional warfare, irregular methods e.g., assignations, and cyber attacks. As this horrifying display of aggression plays out, the digital aspects of modern war will impact many companies the world over.

As the sirens ring out across Ukraine, organisations must also sound the warning alarm on their cyber security measures. Here is what organisations are up against in this hybrid war.

A Malicious History: ”Be Afraid and Expect the Worst”

Russia has a long history of using cyber attacks as a tactic to exert pressure and to wage a proxy war. Russian state-backed hacking groups are renowned for massive cyber attacks against western organisations. One of the biggest in recent years was the 2021 ransomware attack on the U.S. Colonial Pipeline by the hacking gang, REvil.

More recently, 70 Ukrainian government websites were defaced in a cyber attack with an onscreen warning message that said “be afraid and expect the worst“. An analysis of the attack found signals that Russian intelligence was involved; however, Russia has since denied involvement.

Denial and misinformation are typical war tactics that the use confusion to ‘divide and conquer’. However, the evidence is stacking up: 74% of the money extorted from ransomware attacks in 2021 was sent to hackers with Russian associations. With hindsight we must wonder, was this money then put aside as a war chest?

As the invasion of Ukraine has played out, further cyber attacks against the Ukrainian government have been carried out. A Microsoft blog statement from February the 28th gives further insight:

On February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyber attacks directed against Ukraine’s digital infrastructure.” The blog mentions that a new malware variant “FoxBlade” has been found as part of these attacks.

One thing is highly likely, the invasion of Ukraine is a hybrid war, and cyber attacks will not be contained within Ukraine.

Warning Sirens of Further Cyber Attacks

Warnings and advisories have been published across the globe, alerting companies to expect an increased threat of cyber attacks:

In the UK, the National Cyber Security Centre (NCSC) has published an advisory on their website urging British companies to bolster their “cyber security resilience in response to the malicious cyber incidents in and around Ukraine. ”

In the USA, CISA (Cyber security and Infrastructure Security Agency) has published a warning under its ‘Shields Upcampaign about a new ransomware group, Conti, with links to Russian Intelligence:

The Conti ransomware actors threaten “retaliatory measures” targeting critical infrastructure in response to “a cyber attack or any war activities against Russia.

In Australia, the alert status for a cyber attack is set to HIGH and the government is stating that companies are “encouraged to urgently adopt an enhanced cyber security position”.

Similarly, across European countries, governments are warning organisations and citizens to prepare for a cyber attack.

One of the concerns about the ease with which these cyber attacks will be carried out is that Russian-backed cybercriminals have spent years building up their malware know-how and carrying out reconnaissance on successful attack tactics.

New Malware, Successful Tactics

Several new malware variants associated with Russian hacking gangs have already been identified. These seem to be based on data deletion and/or ransomware and are extremely damaging. Examples are HermeticWiper, and WhisperGate malware, which corrupt and/or wipe data entirely. Another, HermeticRansom, uses extortion techniques to add to the damaging impact of the malware.

Further research has also found that malware ‘worms’ are being used. Worms are particularly dangerous as once they enter a system, they self-replicate and propagate across a network, infecting machines and causing destruction across the network. One of the latest discoveries is called HermeticWizard, a worm used to deliver HermeticWiper malware.

Worms enter a network using a variety of methods including email, USB sticks, malicious links in social media posts, insecure IoT devices, and so on.

Further malware variants will likely enter the threat landscape as the war continues.

The CISA and the FBI have published a joint advisory that explains the dangers of some of the latest malware variants. The advisory urges organisations to:

“…increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.”

These new malware variants will still depend upon established successful tactics, such as phishing and social engineering, to enter a network. So how does a company prepare itself for this hybrid war?

Actions to Protect Your Company and Your Employees

The cybercriminals behind this slew of cyber-war malware will use tried and tested methods to deliver infection quickly and effectively. Organisations must use the knowledge of the security industry to batten down the hatches. Mitigative actions should include the following:

  • Make sure you have visibility of all your IT assets, including every endpoint, data storage and flows, servers, and other devices.
  • Ensure that your extended network has robust security measures associated with devices, people, and locations. For example, enforce robust authentication and use principles of least privilege enforced using privileged access management (PAM) to control access.
  • Test out your patch management systems to make sure they are reaching all endpoints and servers.
  • Set up or test out an existing, secure backup system.
  • Put your company on a heightened alert and back this up with Security Awareness Training focused on the threat: augment your training with the continued assessment of the situation, and use phishing simulations to educate your staff about likely phishing campaigns associated with the invasion.
  • Monitor the activity of your network and access points and check out access to ports for possible vulnerabilities.
  • Remove or disable any unused apps.
  • Check out, update, and enhance your disaster recovering planning and strategy

The above are a few of the key areas that need bolstering during this time of heightened threat.

Be Prepared for Retaliation Attacks

There is now also a warning that a cyber attack on a NATO member state would result in Article 5, of its collective defence clause, being triggered. The digital war and the conventional war may well end up converging as the escalation begins. Retaliation attacks are a high probability, and the best defence is awareness and preparedness.

Security Awareness Training for Third-Party Vendor

Other Articles on Cyber Security Awareness Training You Might Find Interesting

duckduckgo vs google EN

DuckDuckGo vs Google – 5 reasons why you should give up using Google!

You were not aware that DuckDuckGo is a search engine? Well, now you know. Since its founding in 2008, DuckDuckGo has made it its mission to develop a search engine that does not store or share personal data, quite unlike Google. Google’s business model is based less on data protection and more on personalised advertising. Without the storage of personal data, Google would virtually lose the air it breathes. However, Google is still the most used search engine, and there are reasons for that. Google does have one weakness, however, and that is data protection.
Read More »
dataprotection vs informationsecurity EN

Information Security vs Data Protection

Is this an issue for our ISO or our DPO, or is it much the same in either case? Who exactly is responsible for this incident, and is there a need to report it at all? In order to discuss the similarities and differences between information security and data protection, the first step is to define the two areas.
Read More »