Russia has invaded Ukraine, and while it may feel like a selfish time to think about it, you are probably wondering if this conflict means that cyberattacks from Russia will also begin to flare up.
That fear isn’t just paranoia, either: The U.S. Department of Justice said as much last week, warning business leaders that they would be foolish not to harden their security postures as tensions mounted. With that tension turned into all-out war it’s an even better time to think about how to stay safe against potential attacks.
“Whenever there is a conflict related to Russia, you should expect to see force applied on the cyber domain as well because it creates disorientation, lack of trust, and fear,” said Ariel Parnes, COO and cofounder of cybersecurity company Mitiga.
What sort of attacks should U.S. businesses expect?
Cyberattacks against U.S. companies aren’t a question of if, they’re a very inevitable “when.” See an example of the potential havoc state-sponsored cyberattacks can inflict: The Colonial Pipeline attack.
ADDITIONAL RESOURCE: FBI Recommended Passwords
Scott Kanry, CEO at cyber risk management company Axio, said that we’re likely to see attacks like DDoS, phishing, activation of persistent malware and more across the 16 critical infrastructure sectors; potentially all the way down to small but vital local organizations. “We should also be paying attention to the other organizations that are critical to a functioning society, like hospitals, schools, health clinics and local banks. Often the smallest organizations lack even basic cyber defenses which make them vulnerable to an attack,” Kanry said.
While individual companies may be at an increased risk of attack, Parnes warned that many companies will become collateral damage in attacks against infrastructure. That doesn’t mean organizations should only plan for infrastructure outages: It’s possible that some critical companies may have been compromised in the past, and now Russia or another bad actor is simply waiting for the right time to make use of their back door.
ADDITIONAL RESOURCE:1/3 Employees are Likely to Fall for Phishing Scam
How your organization can prepare for increased cyber threats
“There is only so much you can do now to prevent a cyberattack in the immediate future, particularly if you are targeted by Russia or a state-sponsored attacker,” Parnes said. That may be a grim outlook, but don’t let it dissuade you from doing everything you can to minimize your risks.
Kanry said that businesses should be following standard best practices:
- Implement strong password hygiene policies
- Ensure systems are patched and updated
- Make sure networks are properly segmented
- Implement robust MFA across every user and business application
We know security is vital to your business
That is why we already have you covered with traditional security safeguards like firewalls, anti-virus, and anti-malware. In addition, protect your network with internal cybersecurity, such as monitoring and email filtering.