On Monday, the White House told US business leaders to toughen up their cybersecurity defensesagainst a potential cyberattack from Russia.
"The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. There is now evolving intelligence that Russia may be exploring options for potential cyberattacks."
Since Russian forces begun their attack against Ukraine on February 24, the US government and cybersecurity community have raised the possibility of a cyber arms conflict. The day Russian troops set foot in Ukraine, the Administration released a statementsaying the US is prepared to respond to Russian cyberattacks if it comes to that.
"If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond. For months, we've been working closely with the private sector to harden their cyberdefenses [and to] sharpen our ability to respond [to] the Russian cyberattacks as well."
In a business advisory, the FBI warned that US critical infrastructures, particularly entities within the financial, water, and energy sectors, are likely to be targeted. In fact, the FBI has already seen some abnormal "network scanning activity"from multiple IP addresses based in Russia, with an early stage of reconnaissance, a means to find vulnerabilities for potential future intrusions.
The FBI also revealed the at least five energy companies and at least 18 other US companies in different sectors (information technology, financial service, defense industrial base) have been subjected to these scanning activities.
With all this in mind, what should organizations be doing? Inspired by the Shields Upinitiative, a campaign set up by the US Cybersecurity & Infrastructure Security Agency (CISA), here's a list of things that business leaders can do to prepare.
- Update your systems.Your IT teams should prioritize patching vulnerable software that is currently being exploited.
- Change passwords across your networks.This is to ensure that any previously stolen or leaked credentials will no longer work when when used to access certain resources within your business network.
- Install good security softwareand make sure you keep it up to date.
- Create multiple backups of your data.It's the key to bouncing back from a ransomware attack as quickly as possible, especially when done right—something one school district found out the hard way—and you want to avoid paying cybercriminals. And while we're on the subject of backups, test your backup procedures, too.
- Require the use of multi-factor authentication (MFA)wherever you can.
- Educate your employees.Ensure that they know common threat tactics, such as social engineering ploys, that may be used against them. Lower your company's threshold of reporting incidents, so if an employee notices that their computer or phone is starting to show unusual behavior, such as crashing or suddenly running slowly, they should report it.
- Keep an open line to your local FBI or CISA Regional Office.CISA has opened 24/7 reporting avenues via
(888)282-0870and encourages business organizations to report cyber incidents they may encounter.
You can also read about four key cybersecurity practicesbusinesses can adopt when there's a threat of "cyberwar".
The Administration has made clear that the US government will do what it can to protect US businesses and critical infrastructure. But it also said they can't defend without the help of the private sector, which owns and operates most of the big businesses and infrastructures the country relies on.
In the statement he made on Monday, Biden concluded:
"You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time—your vigilance and urgency today can prevent or mitigate attacks tomorrow."