Sanctions and digital measures could put the US and other NATO nations in the Kremlin’s crosshairs. Here’s what businesses can do to prepare for potential cyberattacks.
By Neil McAllister
Russia’s shocking incursion into Ukraine has stunned the world. In its wake, speculation runs high about a possible broader, behind-the-scenes fight, one that could potentially involve Russian cyberattacks against targets in the United States and elsewhere. How worried should your business be?
In a sense, the US may already have fired the first shots in this covert conflict. In a speech addressing Russia’s Ukraine invasion, President Biden said that in addition to imposing crippling economic sanctions against Russia, he had taken steps to strengthen the US’s cyber defenses and its ability to counterattack. American intelligence agencies have reportedly briefed the president on offensive options, ranging from interfering with Russia’s banking systems to disrupting its power grids and even derailing trains.
If the US enacts such measures, there can be no doubt that Russia will respond in kind. Online warfare has become a key tool in the Kremlin’s arsenal. The US has blamed Russia for a massive cyberattack that struck Ukraine just days before its military invasion. Even before that, it imposed economic sanctions in response to a wave of worldwide attacks, including Russia’s suspected involvement in the NotPetya ransomware outbreak. There’s no telling where Russia or its agents may strike next.
It’s true that small and midsized businesses, by themselves, are not high-value targets in state-sponsored digital warfare. Governments, militaries, energy, finance, and critical infrastructure organizations face the greatest risk. But that’s not to say that SMBs shouldn’t be concerned. The US Cybersecurity and Infrastructure Security Agency (CISA) has cautioned that “every organization, large and small, must be prepared to respond to disruptive cyber activity.”
There are many reasons why even small businesses could be threatened. To give just a few examples:
Financially motivated exploits, including ransomware, are likely to increase as groups seek to offset losses due to Russia’s damaged economy.
Attackers may try to install malware on your systems so that they can later be used as agents for distributed denial-of-service (DDoS) strikes against high-value targets.
Your business might not be on Russia’s target list, but what about your customers? Attackers may try to exploit weaknesses in your security to gain sensitive information about your customers in high-value industries.
Attackers might try to compromise your remote employees’ laptops to gain privileged access to more significant systems, such as those that are only accessible via a VPN.
It’s also important to note that while some cyberattacks are targeted, many others spread indiscriminately. These are often launched by criminal groups, but state actors like Russia might choose to bankroll such attacks simply to cause as much economic disruption as possible. When the global threat level is high, no organization can afford to ignore the risks.
Fortunately, while there is cause for alarm, there’s also no need to panic. The measures businesses should take to defend against the possibility of state-sponsored cyberattacks are essentially the same ones security pros have recommended all along. Many of them should already be in place in your organization.
But there’s never been a better time to make sure. If a storm is coming, here are some of the most important ways your IT staff can batten down the hatches:
Authentication and Authorization: Authentication refers to how users log in to your systems, while authorization specifies what they can do once they’re in. The two are closely related. If your company uses basic password authentication, deploying a password manager can help your staff generate and use stronger passwords for better security. Even better would be to transition to multi-factor authentication (MFA) using smartphone-based authenticator apps or even hardware keys.
And if your business handles a lot of sensitive data on a need-to-know basis, now might be an ideal time to invest in a proper identity management system that lets you implement security measures like single sign-on (SSO) and fine-grained authorization and access controls.
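The smartphone authenticator apps mentioned above generate time-based one-time passwords (RFC 6238 TOTP, built on RFC 4226 HOTP). As an added illustration, not code from the original article or any particular product, here is the server-side half of that scheme: deriving the code from a shared secret and the current 30-second time step, checking a submitted code in constant time across a one-step tolerance window, and refusing to accept the same time step twice so a captured code cannot be replayed. The secret is the RFC test vector; `match_totp`, `MfaVerifier` and the window size are my own names and choices.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is Unix time divided into 30-second steps."""
    return hotp(secret, int(at_time) // step, digits)


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps are provisioned with the secret in base32 (e.g. in an otpauth:// URI)."""
    cleaned = encoded.replace(" ", "").strip().upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def match_totp(secret: bytes, submitted: str, at_time: float,
               step: int = 30, window: int = 1, digits: int = 6):
    """Return the time-step counter whose code equals `submitted`, or None.

    Every candidate in the +/- window is compared in constant time and the loop
    never exits early, so response timing does not reveal which step matched.
    """
    if len(submitted) != digits or not submitted.isdigit():
        return None
    base = int(at_time) // step
    matched = None
    for delta in range(-window, window + 1):
        candidate = base + delta
        if hmac.compare_digest(hotp(secret, candidate, digits), submitted):
            matched = candidate
    return matched


class MfaVerifier:
    """Per-user verifier (hypothetical name) that rejects a code for a time step already consumed."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_counter = -1  # highest time-step counter already accepted for this user

    def verify(self, submitted: str, at_time=None) -> bool:
        if at_time is None:
            at_time = time.time()
        counter = match_totp(self.secret, submitted, at_time, window=self.window)
        if counter is None or counter <= self.last_counter:
            return False  # wrong code, or a replay of one already used
        self.last_counter = counter
        return True


if __name__ == "__main__":
    # Constructed demo using the RFC 4226/6238 test secret, not a real credential.
    demo_secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    verifier = MfaVerifier(demo_secret)
    code = totp(demo_secret, 59)          # "287082" at T=59 per RFC 6238
    print("first use accepted:", verifier.verify(code, at_time=59))
    print("replay accepted:", verifier.verify(code, at_time=59))
```

The replay check matters because a phished or shoulder-surfed code is valid for the whole window; tracking the last accepted counter per user closes that gap at no cost to legitimate logins.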
Email Security: Like it or not, email remains essential to modern business. Unfortunately, it’s also a major vector for malware outbreaks and data breaches. A bad actor who gains access to your inbox can wreak all kinds of mischief. Often, however, that isn’t even necessary. Carefully crafted phishing emails that look like they’re from company executives are often used to fool employees into disclosing anything from credit card information to sensitive documents.
Fortunately, hosted email services often include features that alert users to possible data security breaches before they click the fatal Send button. For even more protection, you might consider switching to a provider that specializes in encrypting email data.
Endpoint Security and Anti-Malware: No matter how hard you try to protect your network, some threats will eventually elude your defenses. That’s where endpoint security comes in. It neutralizes breakthrough threats before they can do the damage they were created to cause.
An endpoint, in this sense, generally means an end-user device like a PC or smartphone, but it could also mean an Internet of Things (IoT) device. The job of an endpoint security solution is to block spyware and other malware from running on your systems, making it an essential component of your overall security strategy.
Data Protection: Tricking employees into violating security protocols isn’t the only way for bad actors to steal your sensitive data. If they can gain access to the servers where your files and documents are stored, they can open the proverbial barnyard door.
That’s why there’s never a wrong time to review the security policies of your hosting provider or cloud storage service. Remember, also, that one of the biggest threats to company data today is ransomware: it can give an attacker access to your sensitive data and, by encrypting it, cause you to lose access to that data yourself.
Business Continuity: If the COVID-19 pandemic has taught us anything, it’s that every business should have a well-defined business continuity plan. Damages in a crisis could include not just data loss, but also employees’ inability to do their work.
The first line of defense is usually a comprehensive backup and restore process, preferably to a secondary data center or the cloud. For worst-case planning, some vendors now offer disaster recovery as a service (DRaaS), which includes not just data preservation but also features like virtual machine (VM) mirroring and automatic failover in the event of application outages.
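A backup that has never been restored is only an assumption, so the "restore" half of the process above deserves its own routine check. The following added example (mine, not code from the article or from any backup vendor) runs a small restore drill: it records a SHA-256 manifest of the live data, restores the backup into a scratch directory, and compares the restored tree against the manifest, reporting files that are missing, corrupted, or unexpectedly present. A plain directory copy stands in for your backup tool's restore command, and `build_manifest`, `verify_restore` and `run_restore_drill` are my own names.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_root) -> list:
    """Compare a restored tree against the manifest taken before the backup ran.

    Returns human-readable problems; an empty list means the restore is faithful.
    """
    restored_root = Path(restored_root)
    problems = []
    for rel, expected in manifest.items():
        target = restored_root / rel
        if not target.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(target) != expected:
            problems.append(f"corrupt: {rel}")
    for rel in build_manifest(restored_root):
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return problems


def run_restore_drill() -> dict:
    """End-to-end drill on constructed sample data; returns the findings of each stage."""
    workdir = Path(tempfile.mkdtemp(prefix="restore-drill-"))
    try:
        # Constructed "live" data set, standing in for a real file share.
        live = workdir / "live"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "contract.txt").write_text("constructed sample document\n")
        (live / "ledger.bin").write_bytes(bytes(range(256)))
        manifest = build_manifest(live)

        # Stand-in for "restore last night's backup into a scratch location".
        restored = workdir / "restored"
        shutil.copytree(live, restored)
        clean = verify_restore(manifest, restored)

        # Simulate silent corruption of one restored file (bad media, partial write).
        (restored / "ledger.bin").write_bytes(b"tampered")
        after_corruption = verify_restore(manifest, restored)

        # Simulate a file the backup job silently skipped.
        (restored / "docs" / "contract.txt").unlink()
        after_loss = verify_restore(manifest, restored)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return {"manifest": manifest, "clean": clean,
            "after_corruption": after_corruption, "after_loss": after_loss}


if __name__ == "__main__":
    for stage, findings in run_restore_drill().items():
        if stage != "manifest":
            print(f"{stage}: {findings or 'OK'}")
```

Keep the manifest somewhere the backup job cannot overwrite it; if ransomware or a faulty job damages the backup itself, the manifest is what lets the drill notice.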
Doubtless, pondering the full menu of security measures can be dizzying. But as mentioned earlier, it’s unlikely that any company will need to build its defenses from square one. Basic desktop antivirus applications are ubiquitous, and many of today’s popular cloud-based services have built-in security safeguards. Still, businesses should take this moment to ask themselves whether their current security measures are tough enough to confront the new, heightened threat environment.
Leaving aside software solutions, another factor that businesses must not overlook is education. The unfortunate reality is that employees remain the weakest link in a company’s data security chain. Bad actors are often able to extract information from them through phishing, social engineering, or other means. Now is an excellent time to review your company’s security training materials and either develop or acquire new ones, if need be.
Finally, work with your customers and partners to understand what they’re doing to secure their own environments and how you can present a united front. Now more than any other time in history, we’re all connected. Whenever one company suffers a major security incident, it can affect many others. Only by working together can businesses in the US and beyond successfully weather the current security crisis, to say nothing of the many others that will undoubtedly arise in the coming years.