‘Shields Up’ Warning of Russia Hacking
In other cybersecurity news …
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a “shields up” warning that American companies should be extra cautious about potential hacking attempts from Russia as tensions with the country rise.
“Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety,” it said. “Over the past year, cyber incidents have impacted many companies, nonprofits and other organizations, large and small, across multiple sectors of the economy.”
Notably, the Russian government has used cyber as a key component of their force projection over the last decade, the CISA said. That includes previously in Ukraine in the 2015 timeframe.
“The Russian government understands that disabling or destroying critical infrastructure, including power and communications, can augment pressure on a country’s government, military and population, and accelerate their acceding to Russian objectives,” it said.
While there are not any specific credible threats to the U.S. homeland, there is potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.
CISA recommends all organizations, regardless of size, adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
Sandy Dunn is BreachQuest‘s CSO. She said the shields-up message is a call to action to every business leader, CISO and cybersecurity team.
“A CISO should act on the [message] the same way a person listens and acts when the weatherman warns of a hurricane may be headed to the area you live in,” she said. “For a hurricane, you check the windows, the pantry for food supply, buy extra water and batteries for a working flashlight. A cybersecurity team needs to double down on their environment. Call a team meeting, make sure people on the team are on high alert, review the incident response plan and have it available. Send a message out to the users in your organization to watch for suspicious activity. Also, send a message to the executive leadership in the organization that the shields up message is a call to action, and you are prepared.”
Gadi Naveh is cyber data scientist at Canonic.
“The CISA alert reminds business leaders that the global economy is connected, even if no organizations that conducted business with Ukraine suffered from previous attacks,” he said. “Many local companies have customers and even employees to support in Ukraine. This helps to develop a mindful view of geopolitical events and their potential impact on your own security posture.”