“The US warns companies to stay on guard for possible Russian cyberattacks.”
This is a phrase you’ve likely seen or heard within the last few months. Russia’s invasion of Ukraine in February 2022 was fought not only with boots on the ground, but with hands on keyboards too. Hackers have been working relentlessly to further weaken Ukraine by damaging critical service infrastructure and crippling access to everyday amenities. Cyber warfare is a new battleground, and organizations everywhere, not just in Ukraine and Russia, need to be prepared.
The Newest Kind of Warfare
What kind of impact could such a cyber warfare attack have? Thinking purely from a war perspective, one would expect the three most likely primary targets to be government, infrastructure, and finance. However, we can no longer be certain who or what the targets could be. It’s best to assume everyone is at risk. The cost that has been imposed on Russia is affecting not only their government, but also their entire population. Back a hacker or malicious actor into a corner, and they are likely to strike back by hitting whatever they can.
This means that while Russia’s main cyber force may be focused on the three targets mentioned earlier, the rest of Russia’s cyber force may be focused on inflicting pain on the civilians and businesses of those they perceive to be their enemies. Several countries have taken actions that crippled the Russian economy to the point of closing their stock market; it’s entirely possible that these forces would directly retaliate. Organizations of all shapes and sizes must remain diligent and make sure their guard is up, while remaining ready to respond if need be.
Readying Your Cyber Battlefront
During a recent congressional briefing, several US intelligence agencies told Congress where they stood readiness-wise against cyber warfare and how organizations could use them in the event of a cyber-attack. The one that really stood out wasn’t the NSA or the State Department; it was the FBI. In addition to assisting with breach response, the FBI also has a partner program that’s open to anyone. This program works with organizations not only to ensure they are less vulnerable to attacks, but also to confirm that our national best practices are up to date, so that we can best protect ourselves from cyber-attacks and cyber warfare while being able to properly respond in kind. Current partners in the program include schools, energy suppliers, infrastructure, and even NASCAR.
In addition to this partnership program, the FBI also has a response force. They ask that anyone who suspects they’ve been impacted call their local field office and/or report the attack at https://tips.fbi.gov/.
However, even with federal help available, there are still some best practices businesses should put in place to ensure that if or when the organization becomes a victim, it’s not overly exposed, and the value of the data to the attacker is minimized as much as possible. Being aware of what data you have, and where, enables you to make critical data-driven decisions. Ask questions such as:
· Which data should be in the same system together, and should we segment it?
· Should we mask data on a particular network or VLAN?
· Should we encrypt key data elements?
· Should we adjust our monitoring and logging?
Covering Your Assets
A key area of concern during this time of war is without a doubt the now vast remote workforce. Many who went to a fully work-from-home model in 2020 will never return to an office full time. How can organizations know what data may be stored on those remote laptops? Without knowing what’s on the laptop, how do you know how best to protect it? IT teams can leverage full disk encryption, but that’s only really beneficial as protection against physical theft. What about cyber-attacks? What about ransomware, malware, or other software attacks? All of these put remote workforces at the greatest threat level they’ve ever faced. If ransomware hits a laptop, the business is at increased risk if that laptop happened to hold, for example, a recent download from the CRM system or employee data that becomes compromised.
This is where PK Protect is built to help. PK Protect can be programmed to run ongoing automated discovery on all designated endpoints and, based on those discoveries, run automated policy-driven actions such as encryption, redaction, masking, classification, and reporting. This ensures that end users are always protected. The external value of the data on their systems is minimal when it’s encrypted or masked.
At PKWARE, we pride ourselves on having the best data discovery and protection in the industry. Our PK Protect suite ensures that organizations are always aware of what’s in each system. This helps to guarantee that data is properly protected so that if and when a breach occurs, the business knows how to respond, including which networks to isolate and which regulators or enforcement bodies to call.
It’s in our best interest that we all take data security seriously and personally. Compromised or stolen data truly does have a widespread effect, so if we all do our part to protect critical information in our organizations, it’s not just a business that benefits. It’s everyone.