Russia-Ukraine Crisis Increases Cybersecurity Threats

Russia unleashed a wave of cyberattacks on Ukraine, targeting government and banking systems. In addition, cybersecurity company ESET said it discovered “wiper” malware designed to erase data from targeted systems. Despite what appears to be localized attacks, it raises the specter of global cybersecurity threats.

The wiper malware, for example, also affected Ukrainian contractors in Latvia and Lithuania. That spillover offers a glimpse into potential collateral impacts of the cyber-conflict on global supply chains, especially for countries relying on the same contractors.

Apart from the wiper malware, several Ukrainian government departments suffered website outages stemming from a distributed denial of service (DDOS) attack. Four other Ukrainian websites went down a week earlier. U.S. and U.K. officials attributed the attacks to Russia’s military intelligence agency.

Governments and cybersecurity researchers have accused Russia of perpetrating cyberattacks for some time. Now, the concern rises that it could launch retaliatory attacks to respond to Western sanctions.

The concerns extend beyond Russia, as known ransomware gangs have sworn allegiance to Russia’s cause. For example, the Conti ransomware group announced it would retaliate against any known physical or cyberattacks against Russia. That cybersecurity threat escalates as more Western countries look to impose economic sanctions on Russia.

Already, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings of increased attacks on critical infrastructure and defense industrial bases. Furthermore, it declared that every organization must be prepared to respond to disruptive cybersecurity threats. Indeed, CISA launched a Shields Up website to provide organizations with free services relating to cybersecurity.

Coming to Terms with Cybersecurity Threats

The Russia-Ukraine conflict has escalated concerns regarding cyber threats. But those cybersecurity threats have always been there. Your organization must assume greater diligence surrounding your cybersecurity efforts if you haven’t already.

Last year every global organization faced 925 cyberattacks per week, according to Check Point Research. That number represented a 50% increase in attacks per week versus 2020. Moreover, the average cost for a data breach increased from $3.86 million to $4.24 million.

Attacks came in numerous forms:

• Phishing: CISCO’s 2021 Cybersecurity Threat Trends report indicates that 90% of data breaches stem from phishing.
• Ransomware: SonicWall reported 500 million ransomware attacks through September 2021. That figure amounts to 1,748 attempted attacks per organization.
• Data Breaches: Identity Theft Resources Center (ITRC) reported 1,291 data breaches through September 2021. Businesses lose four million files daily.
• Malware: Through September 2021, SonicWall reported nearly 500 million attacks representing a 148 percent surge vs. the same nine-month period in 2020. 
• DDoS: Every minute, 16 DDoS attacks take place. Nearly 70% of organizations experience 20-50 DDoS attacks monthly.

This data reflects the reality of cybersecurity threats. If you’re a small business, in particular, you need to embrace the facts and come to grips with them.

So, what can you do to mitigate the increased cyber threat stemming from the Russia-Ukraine conflict?

Start by Instilling a Cybersecurity Culture

Cyber hygiene starts at the top. So, it would be best if you instilled a top-down culture reflecting awareness and readiness for cybersecurity. Otherwise, what starts as an IT concern quickly escalates to a business concern.

More than 90% of successful cyber-attacks start with phishing emails. Appropriate cybersecurity protocols include cyber awareness training for your employees.  Phishing schemes rely on trickery by presenting a link or webpage that looks legitimate. However, it’s a ploy by cybercriminals to have your employees reveal passwords, social security numbers, credit card numbers, or other sensitive information.

Once they access that information, they access your network to steal sensitive information. In addition, they may try to get you to run malicious software, known as malware.  Trust your instincts and think before you click if it’s a link you don’t recognize. 

The best time to create that culture is before a crisis hits. It’s far better to build communication and cooperation before disaster strikes. With the cybersecurity threats posed by the Russia-Ukraine war, there’s no better time to start.

Take These Immediate Steps to Reduce Your Cybersecurity Threat Risks

Apart from creating a culture focused on cybersecurity, you can take these immediate steps to reduce present concerns:

1. Enable Multi-Factor Authentication: According to CISA Director Jen Easterly, MFA makes you 99% less likely to get hacked. Ensure that all remote access to your network and administration includes multi-factor authentication.
2. Implement Patches: Failing to keep your software current and patched opens the door to hackers—leverage automatic updates for all devices, applications, and operating systems. Prioritize critical vulnerabilities, particularly those with a known exploit. CISA offers information on known exploited vulnerabilities.

Although you should prioritize critical cybersecurity threats, don’t neglect others. Often, hackers hoard a backlog of exploits. With the war in Ukraine creating a deflection, they might use those exploits to launch an attack.

• Passwords: It’s a starting point for all security, but 80% of data breaches come from poor or reused passwords.
• Focus on Essential Business Items: If ports, protocols, software, and other items aren’t essential, have your IT personnel disable them.
• Cloud Services: Cloud services have some security concerns. Ensure your IT staff or managed IT services provider implement strong controls. Again, CISA offers insights into strengthening your cloud security configurations.

If you do nothing else, at least take action to address the above concerns.

Examine Your Supply Chain

BlueVoyant determined that 82% of organizations suffered a data breach from a cybersecurity weakness in their supply chain. So, take a close look at your suppliers and their cybersecurity practices.

In light of the Russia-Ukraine conflict, ensure that you or your IT service company aren’t reliant on Ukrainian-based software engineers, code writers, or hosted services.

Ukraine’s Ministry of Foreign Affairs reports that more than 100 of the world’s Fortune 500 companies rely partially on Ukrainian IT services. Moreover, several Ukrainian IT companies rank among the top 100 outsourcing options for IT services globally.

Cyber Threat Detection

Unlike the adage, what you don’t see can hurt you. Security starts with proper antivirus and anti-malware software. But, threat detection tools monitor networks for malicious activity. If a cybersecurity threat is detected, it alerts your security team the minute it’s discovered.

In addition, threat detection systems prioritize cyber risks so your staff can react to threats posing the greatest danger. That allows you to respond quickly to mitigate cyber threats before escalating into a full-fledged breach. In addition, logging issues or events will enable you to investigate issues more accordingly.

And remember, if you’re working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations. Moreover, review access controls for that traffic closely.

As a small business, in particular, now may be the time to find an IT services company that offers a security operations center (SOC). SOC security constantly reviews a host of variables:

• Internet traffic
• Networks
• Desktops
• Servers
• Endpoint devices
• Databases
• Applications

It looks for potential cybersecurity threats. That continual examination drastically reduces your chances of a data breach by detecting intrusion quickly.

Be Ready in the Event of a Breach

What happens if a cybersecurity threat escalates to a full-blown data breach? Sadly, many companies are ill-prepared for that event. FEMA reports that 20% of organizations have no formal disaster recovery plan. More telling, only two percent of businesses recover in less than an hour.

Recognizing your resources are finite, focus your investments on those systems most critical to supporting your business functions. Start by identifying those systems. Then, make sure you test and have sufficient measures in place to keep them active with a cyber breach.

Faced with escalated cyber threats, you must have a mapped-out pathway to recovery. A business continuity and data recovery (BCDR) plan delivers that road map. Apart from offering a path to restoring business functions, it provides that pathway with speed in mind. The faster you recover, the less the business impact.

Here are some additional steps you can take:

1. Designate a crisis-response team and assign roles and responsibilities. Make sure that plan goes beyond IT. It also needs to incorporate communications, legal, and financial departments with eyes focused on business continuity. And make sure those people, or alternates, are available to respond to an incident.
2. Make sure you have an appropriate data backup. Cloud services provide a powerful option for backing up your data in a facility outside your data center and isolated from network connections.
3. If you’re using industrial control systems (ICS) or operational technology, you should conduct tests to ensure your critical functions remain operable if your network becomes unavailable or suspect.

Being able to rebound in the event of a successful breach determines whether your organization remains in business. Focus on this fact – 96% of companies with a disaster recovery solution recover fully following a successful attack.

Remain Diligent in Light of Cybersecurity Threats

Let’s be very clear. The U.S. government has no credible information regarding cyber threats to our country. But, it remains in your best interests to stand ready and prepare for worst-case scenarios as a business owner. Protect your most critical assets by implementing appropriate security measures.

You can expect to read and hear about misinformation and disinformation. Often, the Russian government releases false reports to mask the facts. So pay little attention to random social media posts on LinkedIn, Instagram, Facebook, or Twitter. Instead, it would be best to gather information from reputable sources. Again, the Shields Up website presents a wealth of accurate, up-to-date information. It also offers numerous free resources.

If you’re looking for a local cybersecurity company to support your efforts, get in touch with our IT company. We help SMBs in Harrisburg, York, Lancaster, and surrounding areas with a host of reliable IT services, including SOC, so that you’ll get advanced knowledge of cybersecurity threats.

Talk to us about a FREE IT risk assessment. It tells you sensitive data cybercriminals can access. Plus, it identifies patch management issues, data leaks, weak password policies, and more.