Why Enterprises Need to Prepare for Russian Cyberattacks – and Four Ways to Do It
The invasion of Ukraine has been difficult to watch, and unimaginable to live through. While the primary global focus is, as it should be, on peace and safety, it is also critical for enterprises to prepare for Russian cyberattacks, which are likely if not inevitable.
Why? Russia's offensive strategy combines cyber and kinetic warfare. Before the ground offensive started, Russia allegedly took steps to compromise Ukraine's digital infrastructure, with potentially catastrophic and chaotic impacts on critical systems and operations. Such attacks can include wiperware, which is distinct from the headline-grabbing ransomware in an important way. Ransomware has received much publicity as a method of extortion: it encrypts data and demands payment for the key. A wiperware attack is delivered in the same manner as ransomware (phishing, stolen credentials, exposed remote access), but its purpose is pure destruction: it erases data, or the boot records and file-system structures needed to reach it, with no intention of extortion and no key to buy back.
Most of the world is now punishing Russia with economic sanctions. Putin's advisors were likely expecting this response. While sanctions may complicate the collection of ransom payments, they do nothing to stop a wiper, so this is not the time to be complacent. What's the best offense for enterprises? A robust defense. Here are four things to focus on.
Update security best practices
Security best practices should be under constant review, with frequent updates based on the current threat landscape. Tightening access to all business systems is a good place to start: enforce least privilege, remove stale and shared accounts, and restrict administrative access. Because a wiper destroys rather than encrypts for ransom, the review should also confirm that backups are kept offline or immutable and that restores are actually tested; a backup the attacker can reach is not a backup.
Emphasize cybersecurity awareness
Every enterprise, small or global, should deploy employee cybersecurity awareness training. A "set it and forget it" campaign isn't sufficient. Education must be continuous to keep everyone sharp. It's just too easy to click an embedded URL in an email when cybersecurity isn't constantly top of mind. Encourage employees to be on high alert for phishing and smishing (SMS phishing) messages that could install a backdoor, the typical first stage of a wiperware or ransomware attack, and give them an easy way to report suspicious messages.
Implement zero trust architecture
Corporations and public agencies should be implementing a zero trust architecture. Think of zero trust as a chapter out of the CIA handbook: access "on a need-to-know basis only", with every request verified rather than trusted because of where it comes from. Organizations need to review and tighten permissions to all systems and require robust credentials such as multifactor authentication for all employees. Review all user and machine accounts, and disable accounts the moment their owner leaves. Avoid the issue that many suspect happened at Colonial Pipeline: reportedly, a credential for an account that was no longer in active use allowed access through the company's VPN gateway. VPN gateways should authorize only pre-registered, managed devices in addition to valid end-user credentials and a second factor. That simple host check, combined with timely deprovisioning, might well have prevented the shutdown of a major pipeline.
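The VPN authorization rule described above, written out as an added example (this is illustrative code, not the article's or any vendor's gateway logic). It assumes a gateway that hands a policy hook the authenticated user, the MFA result and a device identifier such as a certificate fingerprint; the directory entries and device inventory are constructed sample data. The point it makes is that a valid password alone never decides the outcome: the account must be active, MFA must have succeeded, and the device must be registered to that user and compliant.

```python
"""Added example: a VPN gateway access decision that checks account state,
MFA and device registration, not just a password.

Assumptions (not from the article): the gateway calls authorize_vpn() with
the user record, and the device identifier is a certificate fingerprint that
the enrollment system stored when the device was registered.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str
    active: bool          # False once the person leaves the company
    password_ok: bool     # result of the primary credential check
    mfa_verified: bool    # second factor completed for this session


@dataclass(frozen=True)
class Device:
    owner: str            # user the device was enrolled for
    managed: bool         # enrolled in MDM and currently compliant


# Constructed device inventory: fingerprint -> enrolled device.
DEVICE_INVENTORY = {
    "fp-aaa": Device(owner="alice", managed=True),
    "fp-bbb": Device(owner="bob", managed=False),  # enrolled but out of compliance
}

# Constructed directory records. carol has left the company but her
# password was never reset; this is the Colonial-style scenario.
ALICE = User("alice", active=True, password_ok=True, mfa_verified=True)
BOB_NO_MFA = User("bob", active=True, password_ok=True, mfa_verified=False)
BOB = User("bob", active=True, password_ok=True, mfa_verified=True)
CAROL_EX_EMPLOYEE = User("carol", active=False, password_ok=True, mfa_verified=True)


def authorize_vpn(user: User, device_fingerprint: str,
                  inventory: dict = DEVICE_INVENTORY) -> tuple[bool, str]:
    """Return (allowed, reason). Every check must pass; the first failure
    is reported so the gateway log says why a session was refused."""
    if not user.active:
        return False, "account disabled"
    if not user.password_ok:
        return False, "bad credentials"
    if not user.mfa_verified:
        return False, "mfa required"
    device = inventory.get(device_fingerprint)
    if device is None:
        return False, "device not registered"
    if device.owner != user.username:
        return False, "device registered to another user"
    if not device.managed:
        return False, "device not compliant"
    return True, "allowed"


if __name__ == "__main__":
    # Walk through the scenarios the article warns about.
    for label, user, fp in [
        ("employee, registered laptop", ALICE, "fp-aaa"),
        ("employee, unknown laptop", ALICE, "fp-zzz"),
        ("ex-employee, still-valid password", CAROL_EX_EMPLOYEE, "fp-aaa"),
        ("employee, no second factor", BOB_NO_MFA, "fp-bbb"),
        ("employee, non-compliant device", BOB, "fp-bbb"),
        ("employee, someone else's device", BOB, "fp-aaa"),
    ]:
        allowed, reason = authorize_vpn(user, fp)
        print(f"{label:40s} -> {'ALLOW' if allowed else 'DENY ':5s} ({reason})")
```

The order of the checks matters for what you learn from the logs: a disabled account is refused before MFA is even attempted, so a leaver's stolen password never triggers an MFA push to a phone they still carry, and an unregistered device is refused even when the person behind it is genuine.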
Prioritize patching
Vulnerability patching is never-ending. The only manageable way to make a difference is to prioritize systems and devices. This requires inventorying all devices, assigning each device to a prioritization group (by business criticality and exposure), ranking vulnerabilities by severity and known exploitation, and finally scheduling the patching. The task can be overwhelming given the number of devices and possible patches. That's why a risk-based vulnerability management system, or RBVM, is a must. An RBVM distills hundreds of thousands of findings down to a manageable number and helps a security organization be more effective: it recommends which systems are the most critical to update and which patches to apply first, and it flags findings for which no vendor fix exists yet so they can be mitigated or isolated instead.
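The four steps above (inventory, prioritization group, vulnerability ranking, schedule) carried through as an added example of the scoring an RBVM performs. This is illustrative code, not the article's or any product's algorithm: the tier weights, multipliers and SLA thresholds are assumptions chosen to make the ranking visible, the asset inventory and findings are constructed sample data, and the vulnerability identifiers are placeholders, not real CVE numbers.

```python
"""Added example: risk-based prioritization of vulnerability findings.

Assumptions (not from the article): a finding's risk is its CVSS base score
weighted by asset tier, doubled when the flaw is known to be exploited in the
wild, and raised again when the asset is internet-facing. The SLA buckets are
illustrative thresholds, not a standard.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    hostname: str
    tier: str               # prioritization group: critical / important / standard
    internet_facing: bool


@dataclass(frozen=True)
class Finding:
    hostname: str
    vuln_id: str            # placeholder identifier, not a real CVE
    cvss: float             # base score, 0.0 - 10.0
    exploited_in_wild: bool # e.g. listed in a known-exploited catalogue
    patch_available: bool


TIER_WEIGHT = {"critical": 3.0, "important": 2.0, "standard": 1.0}

# Constructed inventory, step 1: every device gets a tier and an exposure flag.
SAMPLE_ASSETS = {
    "vpn-gw-01": Asset("vpn-gw-01", "critical", internet_facing=True),
    "hr-db-02": Asset("hr-db-02", "important", internet_facing=False),
    "kiosk-17": Asset("kiosk-17", "standard", internet_facing=False),
}

# Constructed scanner output, step 3 input: one row per (asset, vulnerability).
SAMPLE_FINDINGS = [
    Finding("vpn-gw-01", "SAMPLE-0001", 9.8, exploited_in_wild=True, patch_available=True),
    Finding("vpn-gw-01", "SAMPLE-0002", 5.4, exploited_in_wild=False, patch_available=True),
    Finding("hr-db-02", "SAMPLE-0003", 7.5, exploited_in_wild=False, patch_available=True),
    Finding("kiosk-17", "SAMPLE-0004", 9.1, exploited_in_wild=True, patch_available=True),
    Finding("kiosk-17", "SAMPLE-0005", 4.0, exploited_in_wild=False, patch_available=False),
]


def risk_score(finding: Finding, asset: Asset) -> float:
    """Step 2 + 3: combine severity with the asset's group and exposure."""
    score = finding.cvss * TIER_WEIGHT[asset.tier]
    if finding.exploited_in_wild:
        score *= 2.0
    if asset.internet_facing:
        score *= 1.5
    return round(score, 1)


def sla_bucket(score: float, patch_available: bool) -> str:
    """Step 4: turn a score into a scheduling decision (illustrative thresholds)."""
    if not patch_available:
        return "no vendor patch: apply mitigation or isolate"
    if score >= 50:
        return "emergency: patch within 72 hours"
    if score >= 20:
        return "high: patch within 14 days"
    if score >= 10:
        return "medium: next monthly cycle"
    return "low: next quarterly cycle"


def prioritize(findings, assets) -> list[tuple[float, str, str, str]]:
    """Return (score, hostname, vuln_id, action) sorted highest risk first.
    Findings on hosts missing from the inventory are scored as standard tier,
    because an unknown device is a gap in step 1, not a reason to drop the row."""
    ranked = []
    for f in findings:
        asset = assets.get(f.hostname, Asset(f.hostname, "standard", False))
        score = risk_score(f, asset)
        ranked.append((score, f.hostname, f.vuln_id, sla_bucket(score, f.patch_available)))
    ranked.sort(key=lambda row: row[0], reverse=True)
    return ranked


if __name__ == "__main__":
    for score, host, vuln, action in prioritize(SAMPLE_FINDINGS, SAMPLE_ASSETS):
        print(f"{score:6.1f}  {host:10s} {vuln:12s} {action}")
```

Two things worth noticing in the output: the exploited flaw on the internet-facing VPN gateway lands in the emergency bucket by a wide margin, while the higher-CVSS-but-unexploited finding on the internal HR database ranks below an actively exploited bug on a kiosk. Whether that last ordering is what you want is exactly the kind of weighting an RBVM lets you tune, and it is why the weights should be reviewed with the business rather than left at a default.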
It's not a matter of if, but when, cyberattacks launched by nation-states and criminal groups will knock on your company's doorstep. These four practices are not the only ones every organization should be performing, but they are a bare minimum, and they need to be addressed immediately. The attackers aren't waiting, and neither should you.