Shoring Up Your Cybersecurity Defenses In The Face Of War

Published On: March 22, 2022

This post was contributed by Michael Cote, Senior Cybersecurity Solutions Engineer at TrustMAPP.

The instability and unpredictable nature of war have the potential to wreak havoc within the cybersecurity community. Issues that are addressed with attentive regularity are now amplified with scrutiny and severity. As the pieces of war are strategically moved between Russia and Ukraine, any means are sought to weaken each other’s resolve. At the same time, increasing sources of financial support to weaken the enemy and strengthen offensive and defensive capabilities are being put into effect.

How can you protect your organization from the threats created by this conflict?

Aggressors will sow seeds of discord and confusion that open organizations to many potential threats. Let’s focus on three main concerns:

  1. Communications
  2. Ransomware
  3. Supply Chain Disruptions

Communications

Preventing information flow in either direction can create massive panic as the public and the world lose vital information on food, water, supplies, safe zones, and the ability to communicate with our loved ones. How prepared are you to establish communications with your business resiliency team if undersea communication cables are severed or satellite links disrupted? How would you respond if you could no longer use your email or cellphones? Put plainly, if you cannot communicate, you cannot function.

ICANN CEO Göran Marby wrote, “As you know, the Internet is a decentralized system. No one actor can control it or shut it down.” That is good news overall for communications stability. With Russia’s 2019 claim that its internet can function when isolated from the rest of the world, can we assume they would have an advantage if our communications were shut down but theirs continued to operate?

Returning to pen and paper, or another analog system, may very well be a reality in some cases. Is your business prepared to operate in such a way? Perhaps investing in satellite phones would be a more prudent method of securely connecting your critical infrastructure with your response teams and supply lines.

Have you checked if any of your third-party suppliers are Ukrainian-based? Ukrainian IT outsourcing firms have a big footprint when it comes to global services. Peer network connections should also be used to improve your ability to communicate threats and intelligence to one another for faster and more accurate mitigation. Make sure your teams know whom to contact at the FBI, CISA, and your vendors.

As a last resort, and this may sound silly until you need it, there is one other resource that appears to have uncanny stability in the face of adverse circumstances, most commonly natural disasters. Because it uses radio waves and is not secure, it’s rarely mentioned: ham radio. Ham operators can communicate locally or globally, with millions of frequencies available, at a very low cost, and they have proven reliable time and again. It may seem extreme and archaic, but it works, though only in an UNSECURED manner.

As a final note on communication, make sure your teams have built strong relationships with those you depend on to function effectively. Don’t wait until disaster strikes before you make those connections. Develop a strong network across all facets of the security realm and do what it takes to keep those relationships ongoing and permanent.

Ransomware

Expect an increase in ransomware attacks to fund aggressive regimes. As the world shuts down access to Russian banking assets, and as Russia loses income from the world refusing to purchase Russian-made products, its ability to fund war becomes severely damaged. Illicit funding sources would then be sought by all means available to this highly technical and capable adversary. And those attempting ransomware attacks would not only come from Russia. Proxy aggressors such as China, North Korea, and Iran could support an illicit funding campaign to aid Russia. Know also that geofencing will not be a very effective countermeasure, since proxies here in the U.S. deliver most of those attacks.

  • What are your ransomware response processes?
  • Are you prepared to communicate with a ransomware attacker?
  • Do you have leadership roles assigned to address the media in the event you experience a ransomware attack?
  • Do you have statements in place to address your customers’ concerns about this attack and potential data loss events?

Supply Chain

Losing access to parts and supplies will have a crippling effect on any organization. Supply chain disruptions are a key element in weakening the operating capability of any organization. Think not only of your organization but of your third-party vendors as well. Some questions to consider in your evaluation of supply chain resiliency:

  • How many days can you keep operating before you can no longer function as needed?
  • Do your third parties have support centers within impacted regions that have a ripple effect on your business’s ability to provide goods or services?
  • How will this impact revenue streams?
  • Do you have an ample supply of items on your shelves today to last you and your customers into the next month?
  • What is the potential for prolonged lead times to procure these necessary items as sanctions are enforced or outages occur?

In addition to the above threat vectors, we know that cyber warfare between these two countries has been ongoing for some time. Stay aware that attacks and disruptive behavior are becoming more prevalent. Attacks on critical infrastructure should be a primary focus both here and abroad. Remain alert that distractions can allow a less visible, yet effective, attack to occur in one area of your perimeter while you’re focusing on another. Increased, continued diligence in defending against DDoS attacks and phishing attempts is required. You can expect DDoS attacks to confuse and distract. Phishing attacks will increase to fraudulently obtain funding to pay for war resources, be they offensive or defensive. Confirm that all appropriate teams are in place and available if an attack is successful in your organization.

For increased transparency and validation, sign up for the free TrustMAPP Ransomware Readiness Assessment to get a clear picture of your readiness posture. We’ll not only show you where you are currently, but also the steps and investments required to be insulated from a ransomware attack.
