
How Current World Events May Impact Your Cybersecurity

By DON BOIAN
Chief Information Security Officer
Hound Labs, Inc.

Jun 23, 2022

In his latest Security Snapshot, Hound Labs’ CISO Don Boian discusses ways to reduce cyber risks as world events could impact the business continuity of organizations across all industries.

As tensions heighten around the globe, it is critical that organizations review their cybersecurity measures to ensure they are taking steps to reduce the chances of falling victim to phishing, ransomware, malware, or any other type of malicious activity.

One of the most impactful steps a company of any size can take is improving employee awareness. A safety-centric culture across departments can empower employees to report risks associated with physical safety and abnormal activity on information systems. Not all cyberattacks take advantage of a user and result in penetration of the company’s system. Still, the most common infection vectors are through a user – clicking a link, browsing a page, sharing their password, or choosing a weak password.

Therefore, educating your employees about the importance of security to your network is critical. Enabling employees to be your first line of defense can boost security and enhance safety.

Don Boian, Hound Labs’ Chief Information Security Officer, provides actionable insight on how organizations can dramatically reduce their level of cybersecurity risk.

IMPACT OF WORLD EVENTS

Cyberattacks preceded Russia’s invasion of Ukraine, and these attacks continue today as the war unfolds. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S., allied countries, and businesses steadily increase. These Russian cyber actors[1] are government organizations and also include other parties who, while not technically under government control, take their orders from the Russian military or intelligence organizations. Additionally, there are Russian cybercrime organizations that are not state-sponsored but are allowed to operate.[2]

Each of these organizations performs cyber operations for various reasons. The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Some Russian cyber actors may gather intelligence while others are financially motivated. Cybercrime is big business, as global losses to ransomware are projected to reach $42 billion within the next two years.[3] The economic sanctions that many nations have put in place to influence Russia will most likely trigger an increase in the illicit business of cybercrime[4] to help offset losses to what was legitimate trade.

ADDITIONAL THREATS

Russia isn’t the only cyber actor increasing its pace of cyber operations during this time. While the world focuses on Ukraine, other state actors have increased actions to penetrate government and private sector organizations.[5] While you might think these actors are interested in government and defense information, their operations prove they are interested in much more – including software development and information technology, data analytics, and logistics.

Your company’s intellectual property may be a target – and don’t assume it isn’t just because you aren’t associated with defense contracting. Cyber actors are commonly after intellectual property or revenue.

FIVE TIPS TO REDUCE THREATS

Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign called #ShieldsUp[6] to increase awareness of these risks to U.S. businesses. Many of its recommendations are basic cybersecurity hygiene measures that require minimal effort to implement but can dramatically reduce your risk:

  1. Ensure all software (operating system and applications) is updated and patched. Enable auto-update features if available.
  2. Educate your employees on threats and risks such as phishing and malware.
  3. Enforce strong passwords and implement multi-factor authentication (MFA).
    • Educate users about using a unique password for each account.
    • Enforce higher security for privileged accounts (administrators, root).
  4. Segment or isolate portions of your network that are critical to your business or that process or store sensitive information.
  5. Configure all IT systems with hardened profiles that only allow network services essential to your business function.
    • Harden or eliminate the use of protocols such as Remote Desktop Protocol (RDP)[7] and Server Message Block (SMB).[8]

In addition to the best practices above, it’s prudent to also have plans and procedures in place in case a cyberattack is successful. These procedures will not only help get your business back up and running more quickly, but are also critical to staying compliant with state[9] or federal regulations[10] requiring the reporting of cyber incidents. Just as businesses focus on resiliency and disaster recovery, they must also consider a cyberattack or incident that can cripple their product and/or revenue.

As the world watches the events in Ukraine, cyber incursions by hostile actors will continue across the globe. These threats will continue to plague businesses and our personal lives for the foreseeable future. Instead of falling into the trap of thinking you won’t be a target or have nothing of value for cyber attackers, take these steps to address and prepare to defend against these risks.

For more details on how to harden your IT infrastructure against ransomware attacks, consult the CISA and Multi-State Information Sharing and Analysis Center’s Ransomware Guide.[11]

REDUCING RISKS

Even by following these tips, organizations can still find themselves victims of a cyber breach. To ensure employees remain alert, it is important to deter alcohol and drug use immediately before or during work hours. Employees working while under the influence aren’t just an internal cyber risk to an organization but can become an external risk as they can unknowingly provide a backdoor into a partner’s IT systems.

Organizations may want to expand their definition of safety-sensitive positions to include physical, cyber, and brand security roles, and modernize workday drug testing policies to deter use immediately before or during working hours.

Learn more about the shifting views of safety-sensitive roles by reading ‘What Determines if a Position is Safety Sensitive.’

This article was originally published by Last Watchdog, a privacy and security website.