President Biden Addresses Russian Cyber Threat To US Enterprises
Over the past month, tensions have mounted at the Russia-Ukraine border as President Putin mobilized troops and made overtures of invasion.
While the real-world conflict has been minimal so far, on Feb. 15, Ukraine suffered a major cyberattack on its governmental and banking systems. This is just one of many attacks worldwide that are suspected of originating with Russian hacking groups.
Do you know what implications this has for the West and what lessons the San Jose business community should learn from these incidents?
White House Recognizes Threat Of Russian Hackers
In a recent statement, President Biden addressed these growing threats. He recognized that Russia has always been a threat to our nation’s cybersecurity, but over the course of the past month, it’s become much more dire.
“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners,” said President Biden in the statement. “It’s part of Russia’s playbook.”
The statement also noted that while new measures are being enacted at the federal level to defend national assets, many of the key targets are operated by private enterprises. This is why it’s more important than ever for businesses to take direct responsibility for their cybersecurity.
“My Administration will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure,” reads the statement. “Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors.”
The statement concludes by recommending businesses review CISA’s Russia Threat Overview & Advisories.
5 CISA Cybersecurity Recommendations For San Jose Enterprises
The Cybersecurity Infrastructure & Security Agency has issued a series of defensive recommendations as a part of their Shields Up program:
Multi-Factor Authentication
Multi-factor authentication (MFA) is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are.
Make sure you have MFA enabled on every possible account—remote users, email, VPNs, password managers, etc.
Patch & Update Your Systems
Patch management is a simple yet critical part of effective cybersecurity. If a software provider releases a security patch, it’s not something owners and managers can wait to address—it needs to be installed right away to ensure systems aren’t vulnerable to a cybercrime attack.
Make sure to apply patches to your operating systems, web browsers, line of business apps, and anywhere else they may be available.
Manage Strong Passwords
Don’t let a simple password be the reason your San Jose business gets hacked. Keep the following in mind:
Password Strength
It’s common that passwords are required to include uppercase letters, lowercase letters, numbers, and special characters.
Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack.
Password Managers
These programs store all of your passwords in one place, which is sometimes called a vault. Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.
Train Your Employees
You can’t expect a firewall and antivirus solution to keep you 100% secure. Nation-state hackers know that the user is the gap in a business’ cyber armor—that’s where they’re going to aim.
That’s why cybersecurity awareness training is such a worthwhile investment. It turns your most dangerous weakness into a key strength. A security awareness training program helps your employees learn how to recognize and avoid being victimized by phishing emails and scam websites.
Verify Your IT Company’s Security Capabilities
IT support and cybersecurity are not the same things. You may have an IT partner you’re happy with that is responsive and helpful, but that doesn’t mean they’re cybersecurity experts too.
Make sure your IT company is secure and can keep you secure as well. Ask them the hard questions about how they secure their systems and yours before it’s too late.
Nation-State Attacks Have Been On The Rise For Years
Often originating in Asian and Middle Eastern countries, nation-state cyberattacks are unique in their danger because they are often executed with greater resources and near-total immunity from any sort of justice when compared to garden variety, US-based hacks.
For example, in mid-2019, Microsoft warned more than 10,000 users that their personal data may have been affected by nation-state attacks originating in Iran, North Korea, and Russia. 84% of these attacks targeted businesses, and the remainder went after individual accounts.
Many respondents in a report by Radware noted anxiety in using newer networked devices and smart technologies that are not necessarily as secure as conventional onsite IT environments.
The Most Prevalent Cybersecurity Risks
The Cloud
A recent cloud security report shows that whereas two in five managers stated they relied on a hybrid environment made up of cloud and on-premise data centers, only one in ten felt confident in the security of their data in public clouds.
Leading cloud vulnerabilities include unauthorized cloud access (42%), insecure interfaces (42%), misconfiguration of the cloud platform (40%), and account hijacking (39%).
Those responsible for cybersecurity have difficulty acquiring visibility into cloud infrastructure security and compliance (67%).
Outdated cybersecurity solutions don’t integrate with the cloud—66% of respondents said their traditional security solutions either don’t work at all, or only provide limited functionality in cloud environments
The bottom line is that if the cloud makes it easier for you and your staff to access your organization’s data, it can potentially make it easier for cybercriminals to do so as well
The Internet Of Things
The respondents to Radware’s survey shared a range of concerns about the Internet Of Things (IoT):
- Malware propagation (44%)
- Lack of visibility (20%)
- Denial of service (20%)
A popular new arena for technology, it’s estimated that there will be 64 billion IoT devices worldwide by 2025. IoT is a natural evolution of the Internet, consisting of a myriad of new “smart” and “connected” products and technologies for the commercial, consumer, and government environments.
As a so-far unregulated aspect of the IT world, IoT devices have been developed with minimal or nonexistent security features, despite the fact that they often connect over networks to sensitive data.
Should San Jose Businesses & Citizens Be Worried About Russian Cyber Attacks?
While we don’t want to incite a panic, it is important to understand the likelihood of Russian-originated cyber attacks against the western world. It’s never been more important for everyone to remain vigilant, both as private citizens and as employees and owners in San Jose.
For example, an attack could be similar to that of the Colonial Pipeline incident from last year. This ransomware attack resulted in a widespread shortage of gas across the country. The encryption of the petroleum supplier’s systems forced them to shut down operations for a number of days, highlighting the vulnerability of critical US infrastructure to cybercrime attacks.
Don’t Become A Casualty In The New Cyber War
If you need direct cybersecurity support, get in touch with the Veltec Networks team.
We offer comprehensive cybersecurity services, including SOC, SIEM, and more, to help you adequately protect your San Jose organization against modern cyber threats, including nation-state attacks.
Book a meeting with our team to get started.