A War without Borders: Preparing for Russian Cyberattacks
As Russia continues to invade Ukraine in the face of sanctions, asset seizures, boycotts, and public outrage, business owners must remember that online, the boundaries of war are not limited by geography. TIME recently interviewed the former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, on the subject. He mentioned that while the government is particularly concerned with cyberattacks on vital infrastructure, “private businesses large and small are at just as much risk…” CISA has launched a #ShieldsUp campaign so that every organization—large and small—can be prepared to respond to disruptive cyber activity.
According to Krebs, Russia is likely to respond to strict sanctions with cyberattacks, and as many IT security specialists already know, Russian hackers have used Ukraine as a training ground for their attacks for years, hacking into Ukraine’s power grid and causing outages for hundreds of thousands of customers. Considering past Russian cyberattacks and the current sanctions, banks, energy companies, and transportation companies should be especially concerned. However, Krebs says that if Russia wants to damage the psyche of the American people, it could also target hospitals and schools.
CISA is recommending that all organizations, regardless of size, adopt a heightened cybersecurity posture to protect their most critical assets. Here are a few ways IT professionals can start protecting their companies’ infrastructure and their data now.
Implement multi-factor authentication across the organization.
All companies should have at least two-factor authentication in place by now. If not, there is no better time to implement it. Make sure that all employees provide two or more forms of verification before logging into a corporate account or connecting to a VPN. This is usually a combination of a password that must be changed on a regular basis and a one-time code that is delivered to the employee’s smartphone or generated by a hardware token.
Deploy endpoint security.
Endpoint security is an especially important part of cyber hygiene in the age of remote work. Corporate data and corporate accounts that are accessible from employee laptops and mobile devices must be secured. IoT devices, including printers, scanners, thermostats, and other devices connected to the internet, must also be monitored and secured. Endpoint security protects data and workflows on devices by inspecting files as they enter the network. Most endpoint security solutions provide a centralized management console from which network administrators can monitor for potential threats and respond to incidents.
Launch anti-phishing campaigns.
There’s no better time than the present to launch a company-wide anti-phishing campaign. According to IBM’s Cost of a Data Breach Report, compromised credentials and phishing were the initial attack methods in nearly 40% of breaches. Hackers can easily gain access to employee data and login credentials, or install malware, by luring employees into clicking links or downloading attachments that appear to be relevant to their work. Make employees hyper-aware of these threats by showing them examples of phishing and then sending them simulated phishing emails to test what they have learned.
Make software updates across the board.
Enable automatic updates for all software that has this option. Make a plan to verify that every piece of software the company uses has the most recent updates installed. Also ensure that antivirus software signatures are up to date. If needed, refer to CISA’s free cyber hygiene services that include vulnerability scanning.
Make sure your response team is ready.
A well-developed incident response plan includes forming an incident response team and preparing each team member for their role with regular drills. Incident response teams should be trained to identify breaches, contain them, eradicate them, and recover and restore systems. It’s also important to have a crisis communication plan in place: it should cover notifying affected customers, keeping them updated as the incident progresses, and handling media and social media communications.
Have a backup and recovery solution in place.
Last but not least, make sure your company has a backup solution and a disaster recovery plan in place. When a company goes through the process of developing a DR plan, it learns and understands its recovery point and recovery time objectives (RPOs and RTOs) and implements a backup solution that enables a return to a set recovery point after an outage or after data has been lost. The most secure backup solution is an isolated one: storage locations are segmented so that they are shielded from the impact of an incident, allowing services to continue on secondary assets until the primary assets are safe to resume normal operations.
Download our IT Leader’s Disaster Recovery Guide to learn more about IT disaster recovery and start building your DR solution.