The conflict we all fear is set to lead to an increase in cyberattacks, but experts agree that all hope is not lost.
Russia has invaded Ukraine, and while this might seem like a selfish moment to think about it, business leaders are likely wondering if this conflict means cyberattacks from Russia will also start to break out.
That fear isn’t just paranoia, either: The US Justice Department said so last week, warning business leaders that they would be foolish not to tighten security measures as tensions rose. With this tension turning into all-out war, it’s an even better time to think about how to stay safe from potential attacks.
“Whenever there is a conflict related to Russia, you should also expect to see force applied on the cyber domain, because it creates disorientation, distrust and fear,” said Ariel Parnes, COO and co-founder of the cybersecurity company Mitiga. Parnes also warned that cyberattacks can be used to deter Ukraine’s allies from supporting them, so keep that in mind if the conflict escalates and begins to involve US forces.
What kind of attacks should US companies expect?
There have been plenty of recommendations for how businesses should respond to the Ukraine conflict, and all of them have one thing in common: Cyberattacks on US businesses aren’t a matter of if, they’re a “when.”
SEE: Password Breach: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)
Scott Kanry, CEO of cyber risk management firm Axio, said there was absolutely no doubt that US-based organizations would see an increase in cyberattacks due to the conflict. Kanry said we don’t need to look far back to see an example of the potential havoc that state-sponsored cyberattacks can inflict: the Colonial Pipeline attack.
Kanry said we would likely see attacks such as DDoS, phishing, persistent malware activation and more in all 16 critical infrastructure sectors; potentially down to small but vital local organizations. “We should also pay attention to other organizations that are essential to the functioning of a society, such as hospitals, schools, health clinics and local banks. Often the smallest organizations lack even basic cyber defense, leaving them vulnerable to attack,” Kanry said.
While individual businesses may be at increased risk of attack, Parnes warned that many businesses would become collateral damage in infrastructure attacks. This doesn’t mean that organizations should only plan for infrastructure outages: it’s possible that some critical companies have been compromised in the past, and now Russia or some other bad actor is just waiting for the right moment to use their backdoor.
If that turns out to be you, “expect attacks to include data deletion and encryption, DDoS attacks, and ransomware, where attackers take data and threaten to sell it (or do sell it) as a form of information warfare,” Parnes said.
How your organization can prepare for increasing cyber threats
“There’s not much you can do now to prevent a cyberattack in the immediate future, especially if you’re targeted by Russia or a state-sponsored attacker,” Parnes said. It may be a grim prospect, but don’t let that deter you from doing all you can to minimize your risk, and Parnes and Kanry each have advice that can help affected IT and security managers.
Kanry said the best way to understand how to improve your cybersecurity posture is to establish a baseline using an industry standard framework like the NIST Cybersecurity Framework. Once you have your baseline, you can use your framework to determine what you need to do to meet a higher security standard.
Additionally, Kanry said companies should follow standard best practices: “Implement strong password hygiene policies, ensure systems are patched and updated, ensure networks are properly segmented and implement robust MFA for every user and business application,” Kanry said.
Parnes’ advice goes hand-in-hand with what Blue Hexagon CTO and founder Saumitra Das said is a hallmark of nation-state-level cyberattacks: they’re good at evading detection. “Nation-state attackers can typically engineer mutated attacks to render threat intelligence useless, use living-off-the-land techniques to circumvent endpoint security, and focus on disruption rather than ransoming data, which in many cases may be easier to achieve,” Das said.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
To that end, Parnes said companies looking to shore up their defenses quickly should focus on detection. “There are always new indicators of compromise (IOCs) coming out, and it’s important to look for them proactively,” Parnes said. Also, be sure to keep up to date with the latest threat intelligence, which often contains the latest IOCs.
What about attacks that are mutated to avoid threat intelligence? Das said organizations need to use AI-based detection tools that can detect suspicious activity as well as typical IOCs.
Finally, and this is another common point noted by several experts: Test, test and test again. “It’s not enough to have a plan if you don’t exercise it. When you exercise these disaster and incident recovery plans, you will realize what can happen and understand the impacts. Adjust your plans based on what you learn from the exercises,” Parnes said.