28 Feb Inside Scoop on Cybersecurity in the Context of Ukraine Events
We work actively follow cybercriminal news and trends, whether the threat actors are nation-states or criminal rings. Recent events in Ukraine are stirring speculation in the media about what is and what could be happening in the world of cybersecurity. We wanted to share our perspective to give you a ground-truth assessment of the current threat landscape here in our region at the end of February.
There has been no atypical growth in cybercriminal activity as of now, although the FBI has warned of increased potential of nation-state attacks against institutional targets like government, utility, education, and healthcare organizations, as Russia responds to increasing sanctions. Russia has advanced cyberattack capability. Unrelated to the Ukraine, the ever-quickening cadence and expanding sophistication of general cyber attacks continues to wreak havoc with US businesses.
Cybercriminals are opportunistic. Even if not acting for political reasons, criminals may strike using tools and techniques stolen or repurposed from the nation-states who developed or discovered them. Phishing attacks using themes in the latest news headlines are common. For small businesses and nonprofit organizations, the best defense is following good cyber hygiene practices. In particular, we suggest these six proven shields:
- Take a least-privilege approach to computer and data access. If a person does not need to access to a folder, file, or computer, they should not have permission to do so. If they, their account, or their device is compromised, this principle significantly limits damage.
- Activate multifactor authentication (MFA; sometimes called two-factor authentication or 2FA). Passwords are inherently weak and subject to compromise. Multifactor systems are often easy to activate these days, and they should be enabled. This feature alone prevents lots of unauthorized access and blocks many attack vectors. App-based multifactor authentication is typically more secure than txt-based multifactor authentication because cell numbers can be compromised at mobile phone providers outside your control.
- Replace legacy antivirus software with next-generation Endpoint Detection and Response (EDR) solutions. EDR uses automated, AI-powered techniques to stop ransomware before it can deliver its full payload.
- Add SNAP-Defense to your layered security system. A Security Operations Center (SOC) staffed 24 x 7 x 365 responsible for watching your infrastructure as a whole- not just individual computers- is invaluable to halt intruders who have penetrated automated defenses.
- Cybersecurity awareness training that includes monthly phishing assessments reinforces the idea that cybersecurity is everyone’s responsibility. Train your staff to be suspicious of unexpected dating/relationship invitations, requests for donations to Ukraine, and solicitations for cryptocurrency purchase opportunities or insider info. These three phishing topics have been trending all month and are expected to continue.
- Air-gapped and ransomware-resistant backups are critical. Modern attackers intentionally infect and destroy data from online backups first. This includes USB drives, NAS boxes, redundant servers, RAID, and cloud synchronization. Technologies like BDR and Advanced Cloud Backup avoid ransomware attacks.
Are you taking advantage of these six defenses? We also suggest considering cyberliability insurance, and most carriers today require all six of these defense layers to continue coverage, reduce premiums, and maximize coverage.
Whether we are your IT department or you’d like us to assist your current IT department, we are here to help protect you from the latest threats. Be ready for modern cyberattacks and contact us today to review your security posture and layers of defense.