Skip to content

You Are Defending Our Country, Whether You Know It or Not

November 2022 Newsletter - If you’d like to read this newsletter at the same time as our subscribers, please sign up here.

You Are Defending Our Country, Whether You Know It or Not

Our focus this month is cyber warfare and the risks posed by nation-state attacks on U.S. companies, service providers and infrastructure. Before you say, “That’s not me,” consider that anyone who operates any kind of web site or Internet-connected device offers a door to our cyber infrastructure. Leave that door open, even a crack, and foreign adversaries may attempt to use it to create chaos and fear.

We think of cyber security in terms of risks to ourselves, our businesses or our clients and customers. Those threats still exist, but threats from determined, professional nation-state agencies are on the rise. The good news is that the same steps you take to prevent criminal cyber attacks, such as hiring a VCISO, can help to harden your organization against nation-state attackers. Depending on what your organization does, you may need more robust protection, but any improvement in cyber security makes you a less-attractive target.

BREAKING: Deutsche Bank Deputy CSO Says Luck, Not Preparedness, Is Catching State-Sponsored Attacks

Organizations may be relying on hunches rather than alerts, according to Deutsche Bank Deputy Chief Security Officer Carsten Fischer. Speaking at the KuppingerCole Cyber Leadership Summit in Berlin, Fischer noted that nation-state attacks are often detected because “somebody saw something looked a bit strange and they reacted to it.”

Fischer also explained that CISOs are finding it difficult to detect state-sponsored cyber attacks, in part because hackers now use ransomware and wiping programs to erase all traces of their activity. In addition to concealing the methods and impact of a specific attack, this leaves no forensic evidence that could be used to prevent future attacks.

Fischer stressed the importance of cyber security training throughout organizations as a way to deal with nation-state attackers. “You probably need to train your people to look for something that really doesn’t look malicious,” Fischer said.

Stat of the Month


The number of nation-state cyber attacks targeting critical infrastructure detected by Microsoft in the past year, as outlined in their Digital Defense Report 2022. This percentage doubled from 2021 to 2022, rising from 1 in 5 attacks to 2 in 5. Nearly half of these attacks targeted IT firms in NATO-member nations, including the United States.

Want the Most from Cyber Security? Make It Personal.

Sign Up Now for Our Free 30-Minute Seminar on Wednesday, December 7

I need you to join me on December 7 for a seminar that will improve the effectiveness of your cyber security program. Increase the Effectiveness of Security Awareness Training by Making It Personal is based on what I have learned as Head Trainer at Protect Now: When you change hearts and minds, you change behavior.

It is no secret to CISOs that the weakest link in any cyber security program is people. People trust. People want to help. People will undo security with the best intentions. By making cyber security awareness personal and individual, we maximize the impact of all cyber security measures, hardening your organization against social engineering, phishing, text and online attacks.

Sign up now to close the human gaps in your cyber security.

New Russian Ransomware Exploits a Common Security Failure

Set up two-factor authentication now. Ukraine’s National Computer Emergency Response Team (CERT-UA), recently detailed a new Russian ransomware program called Somnia that targets poorly protected VPNs.

Using fake websites that promote free IP scanners, the Russian hacking group known as Z-Team installs malware on the target’s hard drive. This malware attempts to gain VPN access to business networks. Once inside, it can exfiltrate data or simply wipe it out. The hackers do not ask for ransom payments to restore access or data, they simply take what they need and then wipe networks clean.

This attack can be stopped simply by having two-factor authentication on all VPN networks.
This added security step takes minutes to set up and adds seconds to the time it takes to log in. It is among the most basic security measures you can take, and it should be a requirement for every organization for every critical login; not just VPN access, but email, shared workspaces and company infrastructure. You probably see the request to set up two-factor authentication when you log in to your email or VPN. Heed it. Somnia may currently be directed by Russia at Ukraine, but you can be certain that it, or something very much like it, will be attempting to access your devices in the near future.

As a bonus tip, never download software from the Web unless you are 100% certain that the source and the site are authentic. Smart organizations have company-wide bans on software downloads, and some even block users from downloading anything without authorization. That may not be the best solution for your organization, but two-factor authentication always is.

Now Booking Cyber Security Keynote Speeches and Appearances for 2023

Protect Now Partner and Head of Training Robert Siciliano is now booking keynote speeches and corporate appearances for 2023. Reach out now to put your event on Robert’s calendar.

After he became a victim of identity theft through his own small business, Robert began a campaign to help business owners protect themselves against cyber threats. His engaging, entertaining speeches drive home the message that cyber security begins with individual security, and that every member of an organization has a role to play in preventing attacks.

Robert has been featured in The New York Times and interviewd by ABC, CBS, CNN and NPR. He has been a featured speaker for MasterCard, Intel, Morgan Stanley and RE/MAX, and his appearances generate enthusiastic responses and meaningful changes in cyber awareness.Learn more and contact Robert to book an appearance at https://protectnowllc.com/cyber-security-speaker/.

I hope this month’s newsletter opened your eyes to the growing number of nation-state attacks happening in the United States. Few of us signed up to be soldiers in a cyber war, but anyone who operates or uses online tools needs to understand that we are the first line of defense when adversaries look for ways to disrupt our cyber infrastructure.

The same basic tools and techniques that thwart criminal hackers will help to deter nation-state attacks. Foreign adversaries, like criminals, rely heavily on social engineering and poorly secured systems to gain access to the bigger targets they seek to compromise. You do your part to protect everyone with simple security, which I’ll discuss in-depth as we wrap up 2022 next month.

If you have any additional questions, we're here to help: (800) 658-8311

Stay safe out there, and see you September the 6th.

Robert & the Protect Now Team

CALL US: (800) 658-8311