Russia’s attack against Ukraine has shocked the world, and you may be surprised to learn that this might have a direct impact on your business in the way of cybercrime. Due to the significant increase in cyberattacks as part of the assault on Ukraine and its allies, we felt it was important to provide some information for you and your staff to help you protect yourself during this difficult time.
Cyberattacks are increasingly a common part of modern warfare. As part of the Russian attack on Ukraine, cyber threat actors have deployed destructive malware against organizations in the country to destroy computer systems and render them inoperable. Destructive malware can have a huge impact on an organization's daily operations, presenting a direct threat to vital systems and impacting the availability of critical assets and data. These attacks are likely to continue and will probably spill over to affect organizations in other countries unintentionally.
Our Security Operations team is closely monitoring CISA (Cybersecurity & Infrastructure Security Agency), as well as all public information regarding the threats we are seeing from Russia. As a managed services provider, we work closely with our clients and partners to report any specific items which might have an impact. If you are a client reading this blog, please reach out to your Strategic Advisor with any questions you may have.
There are plenty of things that you can do to protect yourself and your organization. You are a vital part of the cybersecurity protocols and processes that protect your organization.
Please continue to focus on the fundamentals of cybersecurity, whether at home or at work. The sense of urgency might have changed, but the methods that cyberattackers use to target us have not. The two key points to focus on are as follows:
Phishing - Phishing attacks and related scams are when bad actors online attempt to trick or manipulate you into doing things that you shouldn’t do or reveal privileged or confidential information. These attacks are often sent as emails, but phishing scams can also use SMS messaging, social media, or even telephone calls. Whenever someone attempts to create a sense of urgency, to rush you into taking action with an artificial time limit, or promotes something that is too good to be true, it is most likely an attack. Taking time to double-check anything that feels uncertain, and go through best practices, is always a sensible approach.
Passwords - Strong passwords are the key to protecting your online, digital life. Every one of your accounts should be protected by a unique, strong password. The longer your passwords, the better. Passwords made up of multiple words like “honey-butter-happy” are particularly effective. Can’t remember enough passwords for all your different accounts? Neither can we! Therefore, we recommend using a password manager to securely store all of your unique passwords so you only have to remember one master password. Finally, wherever you have the option, enable multi-factor authentication (MFA) on your important accounts.
The final aspect of this increased threat level online is that there will be a tremendous amount of false and misleading information spread on the internet. Do not trust or rely on information from new, unknown, random, or suspicious-looking social media accounts or unauthenticated posts on LinkedIn, Facebook, Instagram, or Twitter. Many profiles and accounts on these platforms have been created specifically for the purpose of proliferating fake information. Instead, rely only on information from well-known, trusted, and fact-checked news sources who verify the authenticity of information before broadcasting or publicizing it. It is also worth checking and verifying the authenticity of any charitable causes or philanthropic organizations related to the war in Ukraine before donating. Scams focused on charitable giving are also rife, so give to well-known, trusted charities rather than newer, smaller, unverified initiatives.
Above all, please continue to focus on cybersecurity fundamentals and online health checks. Tried-and-tested methods will go a long way towards protecting yourself and your organization, no matter who the cyber attacker is. Savvy, manipulative threat actors are going to try their best to leverage and capitalize on the anxiety, fear, and heightened emotions that many of us will be dealing with during these uncertain times. Prompt and clear communication is key and the first step towards navigating these situations safely and securely.