Following the imposition of sanctions on Russia, the US has urged American businesses to be extra cautious.
National security agencies in the West are warning corporations to be on the alert for retaliatory cyberattacks in response to US sanctions imposed after Russia’s invasion of Ukraine.
To defend key infrastructure throughout the nation, the Biden administration pushed its “Shields Up” initiative. The Cybersecurity & Infrastructure Security Agency (CISA) advises corporations, corporate executives, and people to be “mindful of the possibility for Russia’s disruptive acts,” and offers advice and recommendations.
“At the end of the day, enterprises and local governments should be hyperaware and cautious,” says Paul Tucker, BOK Financial’s chief information security officer.
According to the CISA campaign website, “the present situation compels us all to be laser-focused on resilience.” “This must include an emphasis on assuring readiness and a timely, coordinated reaction to limit the effect of such disruptions on our national security, economic prosperity, or public health and safety,” the website adds.
Russian state-sponsored cyber attackers use the following methods and approaches, according to Tucker:
1. Phishing attacks that steal credentials.
2. Exploiting web-based apps.
3. Supply chain compromise.
“Moreover, while we are concentrating on Russia, other nations that have previously attracted major attention—China, Iran, and North Korea—will likely zoom in on the chance to execute cyberattacks while attention is diverted elsewhere,” Tucker added.
Be proactive in your approach.
The increased awareness also serves as a reminder of appropriate cybersecurity measures. The CISA checklist for enterprises of all sizes offers advice on how to be prepared, identify intrusions, and respond if one happens.
“The greatest protection against assaults is prevention,” said Tucker. “It’s more critical than ever for businesses and workers to work together to avoid cyber events via training and good user behavior.”
He estimates that we each get roughly 120 emails every day on average.
“In today’s fast-paced world, it’s vital for organizations and their workers to be prepared to protect themselves and their staff against cyberattacks. So take your time and read your emails thoroughly. If something doesn’t seem right, it usually is. It just takes one bad click to bring your whole corporation down,” Tucker warned.
But keep in mind that it’s about more than simply watching your email. Preventative strategies include:
• Be well-prepared. Ensure that you have an incident response and business continuity strategy in place, and that you test it on a regular basis, so that you are prepared in the case of ransomware.
• Keep your attack surface as small as possible. Multi-factor authentication should be used for remote access, and known vulnerabilities should be patched (use CISA’s free tools if needed).
• Employee awareness is important. Cybersecurity awareness training is essential for avoiding all types of intrusions. Employees should be tested using phishing simulators to keep their cyber skills up to date.
• Examine your supply chain’s security. Threat actors have gained initial access to target companies by exploiting trusted third-party software.
• Keep an eye on the CISA guidelines. The Shields Up website has guidelines for businesses of various sizes, as well as specific suggestions for CEOs.
“Having a cybersecurity playbook and comprehensive programs, as well as investing in teaching staff about the significance of cybersecurity safety, will go a long way in safeguarding your organization and customers,” Tucker added.