What’s happening in the Ukraine is an example of the worst that humanity has to offer. Millions of people being displaced, and thousands being killed. Our collective governments are walking a fine line in order to help prevent loss of life there and here. In addition, Ukrainians, prior dodging bombs and bullets, dealt with cyberattacks and Russian Hackers on a wide scale.
Unsurprisingly, the White House and CISA published a directive “There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.” To those in the security community, this is nothing new, we know this is been going on forever.
These attacks would be designed to cripple critical infrastructures wherever they are successful. That means going after the Internet itself, the electrical grid, water supplies, and the financial systems. All of this will have a significant impact on the supply chain, including the food supply.
If you haven’t already been, do these things NOW to Protect Yourself and Your Business from Russian Hackers:
- Mandate the use of multi-factor authentication on your systems to make it harder for Russian Hackers and other attackers to get onto your system;
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
- Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to Russian Hackers and other malicious actors;
- Back up your data and ensure you have offline backups beyond the reach of malicious actors;
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
- Encrypt your data so it cannot be used if it is stolen;
- Provide security awareness training. Educate your employees to common tactics that Russian Hackers and other attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.
9. Focus on bolstering America’s cybersecurity over the long term.
We encourage technology and software companies to:
- Build security into your products from the ground up — “bake it in, don’t bolt it on” — to protect both your intellectual property and your customers’ privacy.
- Develop software only on a system that is highly secure and accessible only to those actually working on a particular project. This will make it much harder for an intruder to jump from system to system and compromise a product or steal your intellectual property.
- Use modern tools to check for known and potential vulnerabilities. (Use Protect Now’s Hacked Email Checking Tool) Developers can fix most software vulnerabilities — if they know about them. There are automated tools that can review code and find most coding errors before software ships, and before a malicious actor takes advantage of them.
- Software developers are responsible for all code used in their products, including open source code. Most software is built using many different components and libraries, much of which is open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials” in case one of those components is later found to have a vulnerability so you can rapidly correct it.
- Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity. Pursuant to that EO, all software the U.S. government purchases is now required to meet security standards in how it is built and deployed. We encourage you to follow those practices more broadly.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.