Last week, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a new advisory directing organizations of all sizes and industries—government and civilian—to increase protection as malware and other disruptive online activity increase.
So far, state-sponsored Russian cyberattacks have been focused on Ukrainian government systems and banks. But cybersecurity experts and government representatives warn that the attacks could spread to businesses and companies in the United States, Canada, and the European Union as the global conflict grows. Cybersecurity experts have spotted known Russian cyber groups performing reconnaissance against U.S. industrial infrastructure, including key electric and natural gas sites. As Harvard Business Review said last week, “Conflict in Ukraine presents perhaps the most acute cyber risk U.S. and Western corporations have ever faced.”
In their advisory, CISA and the FBI recommend general steps, such as increasing defenses against malware, updating software, protecting passwords, and enabling multi-factor authentication. Richard Clarke, who has served multiple presidential administrations from both parties as a counterterrorism coordinator and cybersecurity czar, summed up the necessary response with two short words: “Shields up.”
What Can Your Business Do to Stay Safe During a Global Conflict?
1) Don’t panic—but do take action. CISA and the FBI cautioned that they had received no intelligence about direct threats to the U.S., Canada, or other Western countries. And cybersecurity experts believe that coming Russian cyberattacks will be destructive or disruptive, not directly aimed at stealing data or financial information. But it makes sense to work with a trusted IT provider now to assess your cybersecurity situation and be extra vigilant during an anticipated surge in cybersecurity risk—after all, a proactive approach is always better than a reactive one.
2) Protect against malware. Five years ago, the NotPetya strain of malware targeted Ukrainian organizations; in the last two months, fresh spins on this form of data-wiping malware (called “HermeticWiper”) have been spotted in the same region. Although Russian cybercriminals may not target your business directly, other hackers will capitalize on the ubiquity of a new strain and try to deploy their own version. The best defense against malware is to keep it out in the first place by using strong passwords and deploying a second layer of multi-factor authentication.
3) Extend security to each endpoint, device, and account. The majority of today’s cyberattacks target a specific endpoint: an email account, a mobile phone, or a vulnerable computer. A single phishing email that tricks a single user into clicking a single link can establish an initial foothold that allows malware or ransomware to then expand across an entire network. As remote work has grown over the past two years, the importance of endpoint detection and response (EDR) has grown as well. This tool provides automated threat detection, strong spam filtering, and sandbox attachment scanning for every device and every email account, providing vulnerable endpoints with the protection they need. CMIT Solutions now recommends that clients upgrade existing EDR to XDR, or extended detection and response, which combines active monitoring with threat intelligence and data analytics to track potential threats.
4) Keep digital assets safe. Far-ranging cyberattacks often start with distributed denial of service, or DDoS, which can take down hundreds or thousands of websites all at once by attacking the servers that host those sites. Similarly, brute-force attacks are disruptive attempts to take down entire sections of the Internet at once—not just target specific companies. And phishing campaigns will often try to capitalize on breaking news or global conflicts to trick you into taking action. Dynamic firewalls and network security tools deployed as part of comprehensive cybersecurity protections keep a 24/7 eye out for these kinds of attacks by monitoring Internet traffic and identifying vulnerabilities before they’re exploited. Automated security patches and software updates also protect against these kinds of blanket attacks, offering a level of IT support that no small business owner can achieve on their own.
5) Back up data and put incident response plans in place. If a cyberattack does impact your company, the quickest way to prevent negative effects is to restore a backup of business data that has been captured regularly, remotely, and redundantly. Creating multiple copies of critical information stored in different cloud-based and physical locations offers businesses multiple levels of protection. The next step is an incident response plan that outlines the immediate steps to take to restore normal operations. With reliable protocols like these in place, your business can survive any disaster—natural or manmade, at home or across the globe.
Cybersecurity in this day and age is a complicated affair. In addition to protecting your computers and your data, cybersecurity means understanding the intersection of geopolitics, the global economy, and evolving digital threats. In difficult times like these, a trusted partner can guide your business through every step of this journey.
If you want to take action today to get your company’s shield up, contact CMIT Solutions. We are here to help with business protection and cybersecurity assistance for every organization.