Unless you have been hiding under a rock, you may have heard about the ongoing assault on Ukraine perpetrated by Russian forces; due to this, you may be thinking that this is a good time to boost your company’s security. Russia’s cybercrime and threats are at an all-time high, leaving many businesses in the U.S. scrambling to address several security concerns. In this article, I will discuss some simple methods to prevent the unthinkable from occurring.
First, it is crucial to understand who is most susceptible to Russian cyberattacks. Will the typical small business need to immediately take drastic approaches to ensure their company’s data is secure? Probably not, but plan for the worst and expect the best. If your business has any dealings with countries such as Ukraine, Poland, Estonia, Romania, Latvia, etc., you may need to strengthen defenses due to spillover attacks.
Next, like all facets of cybersecurity, minimizing your attack surface should be your primary goal. Spending time discovering exposed network borders and DMZs is crucial. In this stage, asking yourself several questions is a good start, such as:
Where does our network exist?
Who has access to our network?
How does one access our network?
What apps/programs/systems are currently in place?
What apps/programs/systems are necessary?
What apps/programs/systems can be removed?
What apps/programs/systems have Russian ties?
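As an added example (not part of the original article), here is one way to start answering the "currently in place / necessary / can be removed" questions on a single Linux host: parse the output of `ss -tlnpH` and compare each listening service against an allow-list. The sample output and the NECESSARY allow-list are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -tlnpH` output (not taken from the article).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 5 0.0.0.0:23 0.0.0.0:* users:(("telnetd",pid=1302,fd=4))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=600,fd=14))
LISTEN 0 128 *:8080 *:*
"""

# Assumed allow-list: (process, port) pairs the business has decided it needs.
NECESSARY = {("sshd", 22), ("nginx", 80), ("postgres", 5432)}

PROC_RE = re.compile(r'\(\("([^"]+)"')

def is_exposed(addr):
    """True when the listener is reachable from beyond the loopback interface."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":                        # wildcard bind: every interface
        return True
    return not ipaddress.ip_address(addr).is_loopback

def parse_listeners(ss_output):
    """Yield (process, address, port) for each LISTEN row."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(line)
        # The process column is missing without -p or without root privileges.
        yield (match.group(1) if match else "unknown"), addr, int(port)

def triage(ss_output, necessary):
    """Group listeners by approval status and reachability."""
    report = {}
    for proc, addr, port in parse_listeners(ss_output):
        status = "approved" if (proc, port) in necessary else "unapproved"
        reach = "exposed" if is_exposed(addr) else "local"
        report.setdefault(f"{status}_{reach}", []).append((proc, addr, port))
    return report

if __name__ == "__main__":
    for bucket, rows in sorted(triage(SAMPLE_SS, NECESSARY).items()):
        print(bucket, rows)
```

Entries under `unapproved_exposed` are the first candidates for removal or firewalling; `approved_exposed` entries are the services whose access controls deserve the closest review.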
Next, the basics should be executed. Monitoring traffic, reducing the privileges of those working from home, enhancing password requirements, and enforcing strict MFA policies are all recommended. Ensure backups are made frequently in case of a ransomware attack, and ensure all devices, programs, and systems are updated; this is especially important due to companies such as Microsoft already patching against known Russian-based IPs. If your organization doesn’t use any form of antivirus or firewall, now would be the perfect time to rise to the occasion.
B2B VPN connections are the lifeblood of many organizations, allowing seamless integration with different companies and their products. However, as mentioned earlier, this can cause issues if the businesses or programs your company utilizes are themselves associated with Russian organizations or with those doing business in Ukraine. By performing audits of these connections and ensuring that effective policies are created and enforced, one can sleep a little easier at night.
Communication is a vital part of cybersecurity, and in these troubled times, it is what sheds some light into the dark realm of what is unknown. As the weakest link of the defensive chain in cybersecurity is the human element, proper employee training and education on current events, what to look out for, what to expect, what to do when an attack occurs, and who to notify, are all recommended. How can one expect to properly react to a potential cybersecurity issue if they don’t even understand the basics?
In my opinion, Russia’s cyberwar capabilities have far exceeded those of many other countries in the world for quite some time. Just recently, Russia intervened in the U.S. election and remained rather unscathed. As I discussed in my master’s thesis, the future of war is in the digital realm. For Russia to succeed in this unwarranted invasion of Ukraine and beyond, they will most likely target critical infrastructure first in the U.S., while simultaneously leading a robust social media misinformation campaign of the kind they are widely known for.
Due to all of this, I, for one, am already taking drastic steps to minimize any potential fallout. While I may not go full-tilt in blocking well-known Russian IPs (for now), I am spending extra time ensuring everything I touch is in tip-top shape. In the world of cybersecurity, remaining one step ahead of cybercriminals is the only logical action. Good luck, and may peace prevail.