As the Russia-Ukraine war continues, so too does the threat of Moscow seeking to escalate online attacks or opting to launch reprisals for Western sanctions — including a range of recent cyber activity attributed to Russia. In a call to action that’s being called “Shields Up,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) continues to warn Russia could escalate destabilizing activities that may impact countries well beyond Ukraine.
Kinetic and cyber breaches in the past weeks have included disk-wiper attacks and new deployments of malware. Such activity is targeting military systems and networks, as well as critical corporate infrastructure systems.
CISA published a new catalog of free public and private sector cybersecurity services and suggested all organizations – both large and small “must be prepared to respond to cyber activity.”
But — if you’re like many organizations — you’ll need some help decoding it all. So we’ve helped break it all down into steps your organization can take to prepare for, detect, and respond to a cyber threat or breach.
- Every organization—large and small—must be prepared to respond to disruptive cyber activity.
- CISA released recommendations for everyone from Defense Industrial Base (DIB) companies, CEOs, and corporate leaders to individual Americans.
- Recommended actions outlined further in the article below include:
- Take preventative measures to minimize the possibility of an attack on your organization.
- Identify steps to quickly detect a potential cyber intrusion.
- Be prepared to respond if a compromise occurs.
- Maximize resilience to an attack by fortifying critical controls and backup procedures.
- Because NATO deems cyber attacks enough to trigger a “state of war,” all organizations are encouraged to report any incidents or abnormal activity to CISA.
A joint advisory consisting of the FBI, the NSA, and CISA warned that Russian cyber actors have been:
- Targeting defense contractors
- Exfiltrating emails and data
- Acquiring “sensitive, unclassified information, as well as proprietary and export-controlled technology”
In addition, two additional types of cyber threats could be forthcoming in response to sanctions on Russia.
The first type is spillover and collateral damage, where cyber weapons could leverage a previously undetected security flaw in a commonly used piece of hardware or software.
The second type is direct attacks on Western organizations. In this case, Russia aims to catch targets off guard and by surprise. Should this type of situation escalate, unsuspecting organizations of any type and size could end up in the crosshairs.
In light of these threats, U.S. businesses of all sizes should take steps immediately to shore up cyber defense.
3 Steps Your Company Can Take Right Now
Step 1: Minimize vulnerability
- If your organization offers remote connectivity, ensure you’ve got a virtual private network (VPN) in place with multi-factor authentication (MFA).
- Apply the most recent security patches and antivirus definitions to all workstations.
- Train employees on the latest security threats and risks by utilizing security awareness training.
- Deploy phishing simulations, so employees know how to detect social engineering attacks.
Step 2: Know how to detect and report an attack
- Ensure that monitoring tools like intrusion detection systems (IDS) are in place and ready to detect suspicious network activity.
- Review all network and application user permissions to confirm they are both necessary and authorized.
- Establish a formal incident response plan. This way, employees will be familiar with policies and procedures and know how to report suspicious activity, threats, or breaches.
Step 3: Be ready to respond to an attack
- Review disaster recovery and business continuity plans. Employees throughout your organization should know exactly how to respond should you fall prey to an attack.
- Perform periodic tabletop exercises so there is organization-wide awareness of roles and responsibilities in case of an attack.
- Conduct periodic backup tests to confirm that critical data is retrievable.
Government agencies, DIB companies, and organizations everywhere are working tirelessly to shore up cybersecurity and protect critical infrastructure.
This situation is changing minute-to-minute. Once NATO Secretary General Jens Stoltenberg warned Russia that the alliance considers cyber attacks enough to trigger Article 5 of the NATO charter, it quickly became clear that alliance members are considering how cyberattacks might lead to a state of war.
Being proactive will help ensure your organization is prepared should a cyberattack occur. You’ll be better equipped to determine which systems have been impacted and isolate them accordingly. You can triage any impacted systems and effectively restore and recover data. You’ll know how to communicate and engage stakeholders.
Solutions will involve a combination of increases in existing capability as well as new ideas and innovations. Many organizations are quickly realizing they need assistance to uncover these solutions and to successfully navigate this evolving and complicated cyber landscape.
If you need help deploying the steps outlined above, contact a third-party incident response provider with experience in data breaches today. PBMares can help you make sense of it all.
Contact Antonina McAvoy, CISA, CISM, in our cybersecurity practice today to explore our high assurance cybersecurity capabilities.