With Russia’s invasion of Ukraine, the threat of a massive cyber attack might be just around the corner. Businesses should be doubling their corporate security to mitigate or counteract the damage. The U.S. Cybersecurity and Infrastructure Security Agency and the European Central Bank have both issued warnings about the increasing probability of Russia-led cyber warfare around the globe.
Russian state-sponsored actors have operated by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware. The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments, including cloud environments, by using legitimate credentials.
At this point, companies should URGENTLY take the following steps:
Examine Your Business Continuity Strategy
Generally, a cyber security problem can be contained and it will be business-as-usual in no time. But these are such perilous times that the next cyber attack could have a devastating impact. Does your business continuity plan cover prolonged downtime from a widespread attack? Do your contingency processes include an analog way of doing business, i.e. using pencil and paper for days, weeks, or months? Here’s a shocking but true case study – when Saudi Aramco was hit by a cyberattack, 30,000 corporate laptops were reduced to paperweights for days. Now is the time to re-examine your business continuity plan by asking yourself – “If my IT systems go down, how am I going to track my inventory, manage my accounts, secure data or communicate with my team?”
Mitigate The Effects Of A Cyber Attack On Your Supply Chain
While it’s productive to be optimistic about an imminent recovery, risk managers in both public and private sectors should also be mindful of business-ending scenarios in case of a supply chain breakdown. A heightened sensitivity to a potential supply chain crisis helps us prepare for extreme challenges such as longer lead times, reduced capacity or having to seek new suppliers.
For example, Ukraine’s Ministry of Foreign Affairs reports that more than 100 of the world’s Fortune 500 companies rely at least partially on Ukrainian IT services, with several Ukrainian IT firms being among the top 100 outsourcing options for IT services globally.
It’s not just your own systems that you should be focusing on; consider who else in your supply chain has access to your data and systems. Using a secure integrated risk management system to work with suppliers, rather than sharing spreadsheets for example, can help reduce the risk of breaches.
Source Reliable Security Intelligence
Connect with cyber and intelligence teams in your industry as well as federal and local government partners who are closely watching the same threats. Reach out to your regional authorities or visit cisa.gov to stay on top of cyber crime alerts. The goal is to share anomalous or malicious cyber activity in your business community for greater awareness and defense.
Another way of sourcing cyber security intelligence is by leveraging data. Predictive analytics is essential for producing meaningful insights, trends and models. By using artificial intelligence and machine learning, risk managers will immediately know the threats to look out for and what to do about them.
Promote A Security-First Digital Culture
Companies in the same industry that are looking at cyber security, geopolitical risk, and physical security should work together to fight a common enemy, not operate in silos. Cyber intelligence teams that cooperate across an industry can share information and tactics, giving them a better chance of fighting off cyber attacks.
Encourage digital security as a standard industry practice: using multi-factor authentication (which, according to CISA Director Jen Easterly, makes you 99% less likely to get hacked), patching vulnerabilities, ensuring passwords are strong, and remembering that phishing is still the number one attack vector, even for sophisticated adversaries. All of these can contribute to better overall security.
Engage Cybersecurity and Response Experts
The Security Operations Center (SOC) is where the cybersecurity strategy of a business is coordinated and implemented. It is composed of three building blocks (people, processes and technology) that go hand in hand to manage and enhance the organization’s security posture.
With their access to the latest threat monitoring and detection tools, SOCs allow for more sophisticated monitoring of business networks. Consequently, they are in a better position to recognize and contain threats, thanks to increased visibility and control over security systems. These tools are critical in enabling SOCs to conduct analysis and threat hunting, so that vulnerabilities and issues are dealt with before they cause incidents in the first place.
Round-The-Clock Continuous Protection
Security operations centers run round the clock, 24/7 all year round. This continuous monitoring is vital in detecting the first signs of anomalous network activity. After all, attacks don’t follow the conventional schedule of a 9 to 5 office shift on weekdays. SOC team members, whether in-house, hired, or virtual, monitor for potential vulnerabilities round the clock to catch threats at all hours.
Detection and Incident Response
SOC monitoring capabilities are fundamental to enterprise compliance with security regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These regulations require particular security monitoring functions, such as those outlined above.