Global cyberattacks are becoming more widespread. The onslaught of online assaults we’ve seen five months into the year has made putting adequate measures in place to keep an organization's critical information secure that much more important. Harvard Business Review has stated that the "conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced." Accelerated cyberattacks directed at Ukraine are already underway and may expand to nation-states providing support to Ukraine, including the United States.
Today, we are at the precipice of a hybrid war. Rogue nations and hacker groups have engaged in kinetic warfare and reactionary measures, attacking critical infrastructure by any means necessary. These attackers use persistent assaults to weaken an entity's defenses and, ultimately, its operational continuity.
Within the U.S., sectors such as financial organizations, government agencies and educational institutions are at heightened risk. Offensive cyber measures have already been used against Ukraine and, as tensions continue to increase, the risk of an attack on U.S. enterprises and government agencies also continues to rise. As targeted, state-sponsored cyberattacks begin to unfold on businesses and critical infrastructure in the U.S. and allied nations, it's necessary to assess the current state of risk and take appropriate steps to prevent, detect and recover from a sophisticated threat matrix.
While direct cyberattacks on U.S. entities are unlikely at this moment, a digital assault can still cause Western enterprises significant harm if a partner is hit. For example, without the proper preventative measures in place, your critical infrastructure can be put at risk if a member within your supply chain falls victim to an attack. Third-party attacks are common, with 51% of organizations experiencing a data breach caused by a third party, according to Ponemon Institute.
So how can we as a nation mitigate retaliatory measures taken against the establishments that keep our country active?
Preventing an Attack
Globalization of cybercrime: Criminals engaging in cyber warfare are not bound by country borders but come from all parts of the globe. By implementing geolocation access control lists on your platform (firewalls, perimeter security), you can block traffic from addresses sourced from the locations you choose to restrict.
Modernize the cloud: Data no longer resides only within your perimeter; it now also lives in the cloud and in the applications you use. It is imperative that proper data visibility tools be put in place.
Walk in a hacker's shoes: Be proactive with threat hunting activities by performing vulnerability scans and assessments on your environment to seek out weak spots. The average dwell time, the amount of time that an intruder sits within your network collecting information before you notice, is 180 days. By deploying a Managed Detection and Response (MDR) plan in your environment, you can be made aware of traffic outside the normal range (anomalies) and increase your threat hunting capabilities.
Have a game plan: The most important thing that you can do to secure your business is create or update an Incident Response Plan (IRP). By doing so, you can properly react to a cyberattack and mitigate losses that could affect you, your clients and the company as a whole.
War is unpredictable, but the steps you take today to minimize the effects of an attack could save your business tomorrow. U.S. cybersecurity officials continue to urge federal agencies and large organizations to remain vigilant against the threat of increased attacks due to the Ukrainian conflict. The Cybersecurity & Infrastructure Security Agency states, "CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets."
At ConvergeOne, our engineering resources are on high alert for the possibility of cyberattacks against U.S. businesses and government agencies and we can't stress enough the importance of staying vigilant and prepared. Throughout the past 15 years, we have seen various cyberattacks affect our economy in different ways—from limiting access to goods and services to data retrieval affecting schools, cities, and overall businesses.
Connect with a member of ConvergeOne's cybersecurity practice for assistance with your cyber-defense: https://www.convergeone.com/ukraine-cyber-security
Vito Nozza is the Principal Consultant, Cybersecurity Lifecycle Consulting in ConvergeOne’s National Cybersecurity Practice. His career spans 20+ years in Enterprise Architecture, with 15 years specific to Cybersecurity. He has held roles as a CTO, Director, Principal Architect, and Global Security Advisor, which have all led to establishing guidance and consultative measures to SME and Enterprise-grade entities. Vito has been paramount in establishing cloud security, guided frameworks, and disaster/incident response plans, with overall GRC and ERM goals.