As the world watches the military events unfolding in Ukraine, it is also preparing for the cyber repercussions. The United Nations, individual countries, and economic organizations are imposing sanctions against Russia. The Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Homeland Security have published advisories regarding potential cyber-attacks coming from Russia.
Many experts believe these efforts will increase cyber-attacks coming from Russia and criminal organizations siding with the Russian cause, and preliminary intelligence information is backing up these suspicions.
Many industries have begun additional preparations to protect and defend their systems, enhance detection capabilities, and refine their response and remediation programs. The likelihood of attacks against critical infrastructure, key global economic sectors, the defense industrial base, civilian media and communications, global supply chain and manufacturing, and the organizations that support these institutions is at an all-time high. The goal of the nation-states and criminal organizations is to cause wide-scale disruption and fear, gather intelligence, and gain political leverage.
Ensure users are trained to spot and report cyber security events and to respond properly to phishing emails. Conduct regular tests and refresher training to reinforce that training.
Ensure that your security tools are up to date and functioning and, when feasible, layer your security tools. Examples of a layered approach against malware:
Ensure that you know what systems and data are essential to your organization and how long you can operate without access to those systems and their data. Ensure you have downtime procedures and an alternative way to access that data and systems in the case of an outage. If your critical system is cloud-hosted, you should ensure you can access it even if you cannot access the hosted system.
Conduct regular external vulnerability scans. These kinds of scans are performed without access to your internal system and allow you to see what your systems look like from an external perspective. You can also look at services that gather public information, like Shodan, to see what data is being gathered about your systems.
Review your existing patching cadence based upon your interpretation of risk for your organization. Consider shortening patch windows for vulnerabilities or flaws affecting sensitive or high-risk systems, depending on your organization's existing security controls. Patch all of your equipment, not just workstations: attackers can exploit devices such as badge scanners and firewalls to gain access to an organization. If you can't patch a system, ensure it is isolated from the rest of the devices on the network using network segmentation.
Detection and response is not optional; it is a requirement. Ensure that your security detection and response tools are up to date, functioning, and monitored 24/7/365. The difference between a security event and a breach is often determined by quick detection and a swift, well-executed response.
At some point, all systems fail. The key is to ensure that the backup and recovery systems are functioning and tested and have the capacity to restore entire IT environments quickly. Your team should understand the recovery process and its dependencies. Backup systems are often the least protected, making them a first target for criminals. The other critical aspect often overlooked is which data and systems are actually being backed up. Often, user data or cloud systems are not backed up at all, or not to the same degree as other critical systems. Data and system availability is the key target of criminals. Having the ability to recover data and systems in their entirety and quickly is business-critical. Depending on the services delivered by your organization, this could have a national or global impact.
Coretek will continue to monitor developments related to Russian and other known threats. If you have concerns about the security of your systems or would like a security evaluation, don't hesitate to get in touch with your Customer Success Manager or use the button below.