Time to take Cybersecurity more seriously
As the title suggests, the White House has just held a press conference. The Department of National Defense briefs U.S. companies, urging them to buckle down on Cybersecurity defense. The reality is, Cyberwar is coming and we need to prepare.
It has already been a discussion that Russia will most likely ramp up their efforts to infiltrate U.S. Cybersecurity as a result of tough economic sanctions placed on them.
Just this past week, the White House continues to urge U.S. companies to strengthen their cybersecurity defenses in light of new evidence suggesting that Russia is planning cyberattacks for the near future.
The U.S. has not only been imposing strict sanctions on Russia, but we also aid Ukraine in the war. Because of this, the White House is fully expecting the Kremlin to react with cyberattacks against our critical infrastructure.
While Ukraine has been the target of numerous cyberattacks, there have been no confirmed Russian state-sponsored assaults on the United States since the invasion of Ukraine.
However, the White House began pressing US companies last week the need to strengthen their cybersecurity defenses. New data indicates Russia is engaging in "preparatory activity" for potential cyberattacks.
What is Russia gearing up for?
The Deputy Advisor of U.S. National Security shared to the press that they have issued a number of threat warnings over the last few weeks. Many center around Russia considering cyber warfare as sanction retaliation.
Furthermore, this "preparatory activity" comprises of the typical activities seen before in cyberattacks. Such as network scanning, vulnerability scanning and exploring defenses for corporate networks.
Last week, the US government held classified briefings with 100 companies to discuss sensitive threat intelligence and information, with many presumably being private companies that operate critical infrastructure.
Critical Infrastructure in the U.S. is made up of industries that include energy, transportation, communications, healthcare, emergency services, food and agriculture, and information technology.
What are we doing about it
Along with the announcement, the White House includes a checklist for organizations to follow that will bulk up their cyber defense.
The reality is that although the U.S government is doing their best to provide tools and resources to protect everyone against cyber warfare, most of the Nation's critical infrastructure is owned and operated by the private sector.
As a result, the private sector must act to protect the services Americans rely on.
In addition, the White House has issued a checklist for businesses to follow that will bulk up their cyber defense.
- All companies must mandate the use of multi-factor authentication. This step alone is the best way to make it hard for hackers to infiltrate your systems.
- Set up up-to-date security tools on your computers and devices that continuously look for and mitigate threats.
- Set up some time with a cybersecurity professional to ensure that your systems are patched and protected against known vulnerabilities. Make sure you are changing passwords across the network. This makes sure any previously stolen credentials are useless to bad actors.
- Back up your data! And make sure you have offline back-ups beyond internet reach.
- Make sure to run through exercises and emergency plans so that everyone is prepared to respond quickly, in case of an attack this will mitigate damage.
- Encrypt your data. It will prevent it from being useful to actors if stolen.
- Educate your employees on common attack tactics. Email is the best way hackers will try to infiltrate your systems. Encourage employees to report any suspicious activity like uncommon crashes and slow operating systems.
- Lastly, proactively engage with your local FBI field office or CISA Regional Office to build connections ahead of any cyber problems. Please encourage your IT and security leaders to visit the CISA and FBI websites. These sites contain technical knowledge and other relevant resources.
Performing these steps will therefore not only protect your network from Russian cyber criminals, it will prevent any type of cyberattack from infiltrating your systems. Including ransomware and data extortion.
Download our free ebook for practical ways your company can minimize cybersecurity risks.
Common Cyber Threats
It is common for threat actors to collect and sell stolen login credentials on dark web marketplaces, which are subsequently used by other threat actors to infiltrate corporate networks.
Like I mentioned before, using multi-factor authentication will prevent most attacks that use stolen information.
Another common method used by threat actors to enter corporate networks is to exploit vulnerabilities in routers, firewalls, and servers that are exposed to the Internet.
As a result, it is vital for all enterprises, large and small, to install security updates to their devices as soon as they are available.
Furthermore, businesses should not expose servers to the Internet and should instead place them behind a VPN to keep threat actors from targeting them.
Increasing a network's security posture is not always easy and can be expensive. The alternative is significantly worse if you're forced to restore servers, face data breaches, or discover your data is encrypted.
Overall, it's been a hectic time for the cyber world. Stay protected by following the checklist. Prevent your business from being the target of one of these hackers.
If you'd like to discuss cybersecurity measures your own business can take, feel free to book a time to chat with me via the Calendly link below. We’re happy to suggest the best solution for your needs.
STG IT Consulting Group proudly provides IT Service in Greater Los Angeles for all of your IT needs. We look forward to meeting with you!