Russia’s invasion of Ukraine has had far-reaching impacts that extend far beyond eastern Europe. Military analysts have widely speculated that the war on the ground hasn’t gone according to plan for Russian forces, a situation that has been made worse by U.S. sanctions. This has led many to surmise that the battlefield may soon extend further into the digital realm with an all-out cyberwar.
This has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security (DHS), to issue a “Shields Up” warning with actionable tips to defend against cybercrime. The tips include recommendations for attack detection, mitigating damage in the event a cyberattack does occur, and maximizing your organization’s cybercrime defense capabilities.
The CISA Shields Up Warning on Russian Cybercrime
The CISA warning indicated that, “While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies.”
This official warning on the potential for Russian cybercrime is targeted to companies and organizations of all sizes, both large and small. While large corporations and government organizations are at the highest risk of being targeted by cybercriminals (Russian or otherwise), smaller and lower profile targets have also fallen victim in the past. It is believed that this trend could continue in the future.
The CISA warning also stated that “In the wake of the continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, we are working very closely with our Joint Cyber Defense Collaborative (JCDC) and international computer emergency readiness team (CERT) partners to understand and rapidly share information on these ongoing malicious cyber activities.”
CISA Shields Up Tips to Reduce the Risk of Cyber Intrusion
Hackers pose a major risk of damaging cyber intrusions. To harden and protect your systems against cyber intrusion, CISA offered the following recommendations.
- Use multi-factor authentication.
- Update all software (and operating systems), with a focus on updates for established, CISA-identified vulnerabilities.
- Disable non-essential ports and protocols.
- Maintain robust security controls on cloud platforms.
- Perform regular vulnerability scanning.
Shields Up Recommendations to Detect Cyber Intrusions
Early cyber intrusion detection is ideal because it gives you a chance to limit the scope and extent of damage. CISA offered this advice to cybersecurity and IT staff as they look out for signs of a potentially disastrous hack into a company’s systems.
- Be prepared to rapidly identify and evaluate unusual network activity.
- Verify that malware protection and antivirus software are up to date.
- Monitor and isolate traffic from Ukrainian organizations.
Additionally, CISA recommends that cybersecurity teams “closely review access controls” for any traffic originating from Ukraine. Ukrainian organizations are believed to be at high risk of being targeted by Russian cybercriminals. Once a virus or malware is injected into a system, it can easily spread and propagate without a user’s knowledge.
To empower cybersecurity and IT staff, some organizations may consider enabling secure, remote network log-on capabilities if they do not currently exist. This allows for immediate and remote access to the system, thereby allowing an investigation and remediation to begin immediately. Companies with IT and cybersecurity staff working on-site 24/7 may not need these measures, but those without a round-the-clock tech team can see a major benefit in the event of a cyber breach.
Shields Up Recommendations to Respond to Cyber Intrusions
In the event that your company or organization is targeted by cybercriminals in Russia or beyond, it is essential that you are prepared to act immediately. Take the time to develop a response plan before you become a victim, with protocols and processes in place for addressing cyber intrusions and breaches, viruses, malware and other cyber crimes.
CISA’s recommendations include the following points.
- Establish a crisis response team.
- Put a protocol in place for contacting key individuals to ensure availability.
- Conduct a “tabletop exercise” so everyone is familiar with the process and their role in the event a cybercrime occurs.
When forming a cyber crisis response team, remember to include members from all sectors of the organization. The team should include staff from:
- IT and Cybersecurity;
- Operations and Business Continuity;
- Marketing and Public Relations;
- Legal; and
- Company Leadership and Stakeholders.
A cybercrime can impact nearly every aspect of a company’s operations. This means that it is critical for a cyber crisis response team to represent all facets of an organization, making it possible to address the full scope of the incident.
CISA’s Tips to Increase Resilience to Cyberattacks
Each company’s IT infrastructure is truly unique, so every plan for repelling and hardening against cyberattacks is going to vary. But generally speaking, there are a few measures that will work across the board to “maximize the organization’s resilience to a destructive cyber incident.”
- Establish and maintain backups for your organization’s data, with a focus on mission-critical data stores.
- Test backup procedures to verify that mission-critical data can be restored quickly, with limited downtime.
- For companies that use software to run industrial systems or other “operational systems,” verify that manual controls and overrides are in working order. This way, operations don’t grind to a halt if the system is compromised.
Do You Have Plans in Place to Act if Your Company is a Victim of Russian Cybercriminals?
Organizations can benefit from having not one but two plans in place to respond to a cybercrime. Why two plans? Well, time is critical. You need a plan to lock down the system, in addition to a second plan for a more comprehensive response.
The first plan of attack should focus on halting the attack and limiting the scope of damage. IT and cybersecurity experts will formulate this protocol for locking the doors and freezing the attack as quickly as possible. Think of this plan as your tourniquet; it stems the flow of blood, but additional action is still required.
The second plan should articulate a more comprehensive cybercrime response. Think of this plan as emergency surgery whereby you replace the tourniquet with a more permanent repair. This plan should involve your cyber crisis response team and the protocols must address the actual cybercrime and its immediate impact on the company.
If you suspect your organization has been a victim of a Russian cyberattack, you are encouraged to contact CISA to report the incident. CISA can be contacted 24 hours a day, 7 days a week via email at firstname.lastname@example.org or by phone at 888-282-0870.
Developing a Secure Enterprise Software Platform from the Ground Up
Some company leaders may begin addressing the aforementioned cyberattack prevention tips only to realize their enterprise software is plagued by vulnerabilities and holes. Here at 7T, we have extensive experience developing enterprise software platforms with robust, military-grade security. We’re available to work with your business to understand your unique needs from an operational and security standpoint, crafting a custom enterprise software platform that meets your exact requirements. As an innovative Dallas software and mobile app development company, 7T offers collaborative, multi-phased software development services to clients in all business sectors.