Shoring Up Your Cybersecurity Defenses In The Face Of War

This post was contributed by Michael Cote, Senior Cybersecurity Solutions Engineer at TrustMAPP.

The instability and unpredictable nature of war have the potential to wreak havoc within the cybersecurity community. Issues that are addressed with attentive regularity are now amplified with scrutiny and severity. As the pieces of war are strategically moved between Russia and Ukraine, any means are sought to weaken each other’s resolve. At the same time, increasing sources of financial support to weaken the enemy and strengthen offensive and defensive capabilities are being put into effect.

How can you protect your organization from the threats created by this conflict?

Aggressors will sow seeds of discord and confusion that open organizations to many potential threats. Let’s focus on three main concerns:

1. Communications
2. Ransomware
3. Supply Chain disruptions.

Communications

Preventing information flow in either direction can create massive panic as the public and the world lose vital information on food, water, supplies, safe zones, and the ability to communicate with our loved ones. How prepared are you to establish communications with your business resiliency team if undersea communication cables are severed or satellite links disrupted? How would you be able to respond if you no longer were able to use your email or cellphones? To put it plain and simple, if you cannot communicate, you cannot function.

ICANN CEO Göran Marby wrote “As you know, the Internet is a decentralized system. No one actor can control it or shut it down.” That is good news overall for communications stability. With Russia’s 2019 claim that its internet can function when isolated from the rest of the world, can we assume they would have an advantage if our communications were shut down but theirs continues to operate? Returning to pen and paper, or another analog system, may very well be a reality in some cases. Is your business prepared to operate in such a way? Perhaps investing in satellite phones would be a more prudent method of securely connecting your critical infrastructure with your response teams and supply lines. Have you checked if any of your third-party suppliers are Ukrainian-based? Ukrainian IT outsourcing firms have a big footprint when it comes to global services. Peer network connections should also be used to improve your ability to communicate threats and intelligence to one other for faster and more accurate mitigation. Make sure your teams know whom to contact at the FBI, CISA, and your vendors. As a last resort, and this may sound silly until you need it, there is one other resource that appears to have uncanny stability in the face of adverse circumstances, most commonly natural disasters. But because it uses radio waves and is not secure, it’s rarely mentioned. HAM radios. Ham operators can communicate locally or globally, with millions of frequencies available, at a very low cost and they have proven reliable time and again. It may seem extreme and archaic, and it works, but only in an UNSECURED manner. As a final note on communication, make sure your teams have built strong relationships with those you depend on to function effectively. Don’t wait until disaster strikes before you make those connections. Develop a strong network across all facets of the security realm and do what it takes to keep those relationships ongoing and permanent.

Ransomware

Expect an increase in Ransomware attacks to fund aggressive regimes. As the world shuts down access to Russian banking assets, and as Russia loses income from the world refusing to purchase Russian-made products, their ability to fund war becomes severely damaged. Illicit funding sources would then be sought by all means available to this highly technical and capable adversary. And those attempting ransomware attacks would not only come from Russia. Proxy aggressors such as China, North Korea, and Iran could support an illicit funding campaign to aid Russia. Know also that Geofencing will not be a very effective countermeasure since proxies here in the U.S. deliver most of those attacks.

• What are your ransomware response processes?
• Are you prepared to communicate with a ransomware attacker?
• Do you have leadership roles assigned to address the media in the event you experience a ransomware attack?
• Do you have statements in place to address your customers’ concerns about this attack and potential data loss events?

Supply Chain

Losing access to parts and supplies will have a crippling effect on any organization. Supply chain disruptions are a key element in weakening the operating capability of any organization. Think not only of your organization but of your third-party vendors as well. Some questions to consider in your evaluation of Supply Chain Resiliency:

• How many days can you keep operating before there is a significant inability to operate as needed?
• Do your third parties have support centers within impacted regions that have a ripple effect on your businesses’ ability to provide goods or services?
• How will this impact revenue streams?
• Do you have an ample supply of items on your shelves today to last you and your customers into the next month?
• Identify the potential for prolonged lead times to procure these necessary items as sanctions and outages are enforced or occur.

In addition to the above threat vectors, we know that cyber warfare between these two countries has been ongoing for some time. Awareness of more prevalent attacks and disruptive behavior should be maintained. Attacks on critical infrastructure should be a primary focus both here and abroad. Remain alert that distractions can allow a less visible, yet effective attack to occur in your perimeter in one area while you’re focusing on another area. Increasing your continued diligence in defending DDoS attacks and phishing attempts is required. You can expect DDoS attacks to confuse and distract. Phishing attacks will increase to fraudulently obtain funding to pay for war resources, be they offensive or defensive. Confirm that all appropriate teams are in place and available if an attack is successful in your organization.

For increased transparency and validation, sign up for the free TrustMAPP Ransomware Readiness Assessment to get a clear picture of your readiness posture where we’ll not only show you where you are currently, but show you the steps and investments required to be insulated from a ransomware attack.