in ,

Security Experts Weigh In on How to Build Cyber Defenses During Russia-Ukraine Conflict

As the Russian invasion of Ukraine continues, local cyber experts continue to issue warnings about the possibility of cyberattacks in the U.S. From a cybersecurity perspective, Russia aims to wreak havoc on the U.S. and its allies, and Russia has already proven to be highly successful at cyber attacks.

Businesses should not have the mindset that they don’t have any valuable data that anyone would want. The reality is every business has some form of data that cybercriminals want. If you have any type of data, you don’t want it to land in someone else’s hands, so you need to protect it.

Misinformation is one of the potential risks that businesses face, along with cybercriminals using the current crisis to retrieve sensitive information from unsuspecting individuals through phishing emails and other attacks.

So, how can businesses establish effective defenses against cybercriminals? I reached out to leading security and IT experts to gain insight into how they are implementing effective battle plans and how businesses in various industries can stay secure in a global cyberwar.

Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder, LI Tech Advisors

“At LI Tech Advisors, I continuously have conversations with my clients about cybersecurity as well as formal and informal training sessions with their employees.

This is a conversation that is very important to all our clients and having them voice their concerns allows us to strengthen our relationship with them as well as offer advice to help address their concerns. With the heightened level of concern over security and hacking, we have increased our own internal defenses as well as increased the cadence of our internal security reviews.

This is especially important since the current and future battles are being fought on a different battlefield these days; the virtual battlefield of the Internet. These virtual battles, however, have a real-world impact on our country’s infrastructure, financial, and communications systems.

The best way to cripple an opposing force’s capability is to cause widespread chaos across as many systems as possible via a cyberattack, especially if you are simultaneously planning on initiating a real-world land invasion. The US Department of Homeland Security is preparing for exactly such a cyber-attack in light of the fact that Russia has invaded Ukraine.

We need to remember that Russian cybercriminals were responsible for the now-famous SolarWinds breach in 2020, where they gained access to many US Government agencies, including Homeland Security. These Russian cybercriminals had access to many key systems for over 90 days before this hack was discovered. We need to take all this into account and realize that these Russian cybercriminals may still have embedded themselves in critical systems that we have not yet discovered.

Cyberattacks, however, against the US may backfire against Russia, since any attack that a Russian cybercriminal attempts to launch will in fact tell us where our weaknesses are that need to be fortified. It’s a serious game of measures and countermeasures. For every weakness that a cybercriminal finds, we need to counter it with additional security.”

Ashu Bhoot, CEO, Orion Networks

“Quite a few clients have reached out to us with concerns asking what additional steps if any, they should be taking to protect themselves. We are advising all of our clients to be more watchful of any targeted phishing attempts, anomalous behavior in their network and also ensure all their critical data is backed up, especially if it’s on any of the major cloud providers.

We are approaching this on a case-by-case basis. For clients with larger amounts of sensitive data or ones with critical systems, we are ensuring all their security devices and software are up to date, including firmware. We have also increased the frequency of vulnerability and pen testing for a few clients. For some, we have upgraded their endpoint protection with more focused security features. We are constantly sharing emerging trends and any security breach articles with our entire team so they are aware of the latest trends. In addition, we ensure our staff is aware of various types of risks that this event can result in, so they are more watchful and can help our clients understand the risk better.”

Dave Brewer, President & CEO, BC Networks, Inc.

“We have a client with an office in a city in Ukraine. We rolled out our EDR to all the devices remotely and we have been actively monitoring all devices for any malicious behavior. We are also watching to see if the power or internet goes out. So far, there has been no impact.”

Ilan Sredni, CEO & President, Palindrome Consulting

“We have started communicating with our audience through email, LinkedIn and Facebook through articles and videos. Our clients are expressing concern about the cyberwar and its potential impact. We upgraded the defense solutions a few months ago as we noticed an increase in the attack horizon. Continued education is the key to keeping staff educated and understanding the risks in this environment.”

Jorge Rojas, Partner, Tektonic Inc.

“We have advised our clients of the potential increase in cyberattacks. Some of our clients are concerned about the risks of cyberwarfare and the potential impact on them and some are not.

We are increasing our toolbox with additional security options, like DNS filters, and MDR service. Some clients have already opted in. Also, not too long ago, we blocked traffic on all our managed firewalls from traffic outside the US and Canada. Although not perfect, it gives a bit more protection. We have also taken measures to ensure our staff fully understands the risks associated with increased cyber warfare activities by holding cyber security meetings to ensure we are all on the same page.”

Reid McConkey, Founder & CEO, Resolved Business IT Solutions Inc.

“We have told all clients about the implications an ongoing conflict has on cybersecurity. Threats are up, especially if you’re an essential business or a part of our supply chain.

Our clients are relatively unconcerned. However, depending on your industry, this response may be inappropriate. Any “essential” industries should be on high alert for cyber threats aiming to disrupt our supply chain.

We’ve outright blocked all web traffic, e-mails, and communication to and from Russian, Ukrainian, Belarussian, and Chinese network traffic to our client networks. All of our “North America Only” clients are “digitally invisible” to the countries with the most prevalent cyber threats.

We’ve implemented a three-times-weekly meeting to have our management team brief the cybersecurity team on the latest changes to cyber threats. All staff responsible for security are required to attend these meetings and inform their clients of certain information. Communication is by far the best tool we can all use to work together to protect ourselves.”

What Else Should Businesses Be Doing to Stay Secure?

The following are mission-critical in these times of uncertainty, but they are also best practices in general.

  • Secure your hardware – make sure you are using the latest security patches and complicated passwords are being implemented. Use 2-factor authentication where possible. Also, make sure that you turn on BitLocker device encryption for all your Windows 10 devices and enable remote wipe any mobile devices that might be lost or stolen in order to protect the data it has access to.
  • Encrypt and Backup data – you need to make sure you prevent physical access to sensitive data and also render it useless if it falls into the wrong hands. Data encryption is the best “quick fix” for data breaches. If a data breach should occur, the data would be inaccessible.
  • Perform a network security scan – you should periodically run a network security scan of your network to see what devices are attached and where security holes may reside.
  • Train your employees – One of the weakest security points is your employees. Ongoing training is very important to maintain a heightened level of awareness of cyber threats. Purchase a cyber security training service that will automatically send out fake phishing attempts to test your employees and train them if they fail.
  • Invest in cyber insurance – consider this business continuity insurance in the event that any of the security measures you have taken fail. If you fall prey to a ransomware attack, cyber insurance will help you recover by offering financial support to quickly remediate the issue.

I do not want businesses or organizations to go into panic mode, but I do believe it is smart to be vigilant at this time. Businesses and organizations are encouraged to conduct an audit of their systems to determine any potential risks that need to be addressed.

Leave a Reply

Your email address will not be published. Required fields are marked *

Photo by Tima Miroshnichenko from Pexels

Threat Advisory: BlackByte Ransomware

Jacobs Appoints Steve Arnette President of Critical Mission Solutions Business; Succeeds Dawne Hickton