The National Cyber Security Centre (NCSC) has warned UK organisations to “specifically consider the risk” of using Russian technologies amid the ongoing war in Ukraine.
Ian Levy, technical director of the NCSC, wrote in a blog post that Russian firms may be compelled by law to comply with the country’s Federal Security Service – although there is no evidence yet that this has occurred.
“We need to be realistic regarding how Russia may respond”, Levy said, adding that the pressure for Russian firms to comply with the state “may increase in a time of war”.
In 2017, the NCSC published a blog warning people and organisations against using Russian-made anti-virus software, notably Kaspersky.
The government agency has now said that “given the conflict in Ukraine, the context has changed considerably”.
Germany has recently suggested replacing Kaspersky, which the Moscow-headquartered firm described as being “made on political grounds”.
Levy stated that while there is currently no evidence that the Russian government plans to force commercial Russian tech products against the UK, “the absence of evidence is not evidence of absence”.
The post goes on to say: “The war has proven many widely held beliefs wrong and the situation remains highly unpredictable. In our view, it would be prudent to plan for the possibility that this could happen.
“In times of such uncertainty, the best approach is to make sure your systems are as resilient as you can reasonably make them.”
Levy added that individuals using Russian anti-virus software did not have a large cause for concern as they are unlikely to be targeted.
The biggest risks for businesses, Levy said, were not updating software, poor network configuration and poor credential management.
In February, the NCSC warned UK businesses to “bolster their online defences” following Russia’s initial invasion of Ukraine.
While UK businesses have not seen any notable cybersecurity fallout since the outbreak of war, cybersecurity experts have recommended vigilance.
Kev Breen, director of cyber threat research at Bristol-based Immersive Labs, recommends “patching external services and warning your users to be more vigilant with potential phishing threats”.
He also advised companies to “ensure you have a response plan in place and take this opportunity to test and validate your plan, making sure you bring in all the teams that are likely to be affected”.
The Russian war in Ukraine has forced UK companies to react with both heightened security, and sanctions taken against the Russian market, such as money transfer service Wise, which restricted payments made to Russia.