It’s Time To Prepare

As Russia’s invasion of Ukraine continues, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of potential cyberattacks on U.S. infrastructure and businesses. Preparation is key to ensuring you stay operational and in business when global uncertainty increases the chances of cyberattacks. 

Let’s look at the steps you can take to prepare. 

1. Update your operating systems (OS) and security technologies.  You want to do this on all devices both at home and in the office now that the work environment is hybrid and remote.
   • Update: firewalls, Windows OS, MacOS, iPhone, Android OS, antivirus, endpoint detection response systems (EDRS), routers, virtual private networks (VPNs), servers, infrastructure equipment like wireless access points.
   • Products to consider prioritizing: FortiGate VPNs, Cisco routers, Oracle WebLogic Server, Kibana, Zimbra software, Exim Simple Mail Transfer Protocol, Pulse Secure, Citrix Servers, Microsoft Exchange, VMWare, F5 Big-IP, Oracle WebLogic, Microsoft Exchange Servers.
2. Ensure that Multifactor Authentication (MFA) is enabled.  You want to do this for cloud logins, your back up systems, Microsoft Office 365, financial institutions, and where you have critical information stored for business.  Some free authenticator apps that you can look into are: Authy, Google, and Microsoft. Another option is Identity Management solutions. 
3. Account for all computers and devices and check if they all have an antivirus or endpoint detection response (EDR) installed.  Any device can be a way into your system’s network, an entry point to your data for cyber criminals.  You want to make sure nothing has been lost or misplaced.  If there are any doubts, take whatever steps you can.  
4. Take a look at your backups.  Having backups isn’t enough, you want to make sure they work and that your data is appropriately stored, ready to be restored, and available if you need it without any corruption.  This means you are going to want to test your data restorations. Furthermore, have a copy off-site, including in the cloud since this will ensure you can get your backup immediately if there is an emergency.  
5. Get your employees onboard with these first three steps and alert them to keep an eye out for any suspicious emails or strange activity on their computer or devices. You also want to make sure your employees have a contact person on the IT team for help if they think malicious activity is going on.  In the event an incident takes place, the computer that is infected must be shut down as soon as possible to stop the attack from spreading to other devices, data, and across the network.  
6. For next generation firewalls and/or Identity Management solutions you want to enable logging and geo-blocking for all incoming internet traffic except for traffic originating in the USA. If you do business with other countries include those in your incoming traffic. Also keep in mind your employees, those traveling and who may be working outside of the US. By limiting traffic, you reduce the risk of foreign internet connections looking at your logins and infrastructure.  
7. For industrial control systems, make sure your manual controls work if you are knocked out or compromised.  Conduct a test to make sure critical functions remain operational. 

The sooner you get these seven steps done, the more prepared your business will be for an attack.  These steps are not the all-inclusive cybersecurity solution, but they serve the critical points that will keep you operational and save your business from huge repercussions. 

• For industrial control system companies, not only does your business stay operational, but everyone who depends on you will also be saved from chaos. 

Keep in mind that a cyberattack involving cyberwarfare will not be like a ransomware attack where cyber criminals ask you for money for your data or blackmail your clients.  What happens in foreign intelligence agency attacks is to immediately kill your infrastructure, destroy your data, and/or plant a dormant infection that you will know nothing about until it’s too late. 

To give you a clearer idea of infrastructure attacks due to cyberwarfare, here’s a list of what to keep in mind as possible disruptions for your business.  

• Loss of internet; loss of electricity; loss of water and wastewater; disruption of satellites; disruption of applications and services such as financial and banking access or credit card machines; and finally, disruption of local government services such as 911 call centers or traffic infrastructure. 

If there’s anything we can do to help, reach out by scheduling an appointment on our calendar: https://calendly.com/ncxgroup