Sanctions Against Russia Bring New Cyber Threats to Businesses

In other cybersecurity news …

New U.S. sanctions triggered by Russia invading Ukraine could prompt Russian ransomware attacks on businesses.

According to CNN, a senior FBI cyber official asked U.S. businesses and local governments to be mindful of the potential for ransomware attacks as the crisis deepens.

U.S. officials continue to say there are “no specific, credible” threats to the U.S. homeland tied to tensions with Russia over Ukraine, but they are preaching vigilance.

Sam Curry is Cybereason‘s chief security officer.

“With more Ukrainian government agencies under a barrage of cyberattacks that are not likely to cease in the coming days or weeks, this is another reminder for public and private organizations to shore up their defenses from cyber adversaries,” he said. “There is no silver bullet or magic potion that will solve the cybersecurity challenges ahead for organizations.”

To minimize possible damage and to assess preparedness, Curry said organizations should consider the following steps when preparing for the possibility of a cyberattack impacting their business:

• Be on high alert. Call the employees or associates that you call for in a crisis and have them ready because they may get called in multiple directions in a crunch. If you don’t have anyone on your staff filling this role, call any cyber people you know and seek their advice.
• Identify the critical services that are single points of failure for your business. If they go down, the business stops. Have a plan for what to do if they go down. This doesn’t have to be perfect, but think now about what to do if email goes away or a customer portal or customer relationship management (CRM) tool is locked.
• Minimize new, risky projects. The retail industry generally freezes IT in the holiday shopping months. It’s all about keeping the business running for a few months and then after the crunch, developing new capabilities. This also includes minimizing use of anything not needed for business for awhile on work systems, like social media, except for marketing personnel, games, etc.
• Know where your people are, how they will connect and work, and ensure that services that do this are ready, including VPNs and productivity suites. Have a plan and communicate it to people in the event that the internet and services aren’t available.

Also this week, the websites of Ukraine’s government, foreign ministry and state security service were down in what the government said was the start of another massive denial of service (DoS) attack.

David Jemmett is Cerberus Sentinel‘s CEO.

“[This] is further proof that all organizations and the world’s citizens need measures to protect their most critical assets: infrastructure, sensitive information, intellectual property, identity and privacy,” he said. “We need to work together to establish true cultures of security in organizations both public and private to stop threats from any source in their tracks and ensure resiliency.”