One week before Russia launched its invasion of Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) issued a rare cyber “Shields Up” warning. The CISA said there were no specific or credible cyber threats to the U.S. homeland at that time. However, it also said, “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”
The Russian Invasion and Cyber Security Threats
The “Shields Up” warning is directed at the U.S. private sector, and it is based partly on the denial-of-service attack on Ukraine by Russia’s military. There is no denying that the cyber threat is very real. But will it affect and target small businesses in any way?
Even though your small business may not be threatened directly, the public and private organizations it relies on to stay operational might be. This is where the term collateral damage comes into play. If these organizations are attacked or undermined, your small business will suffer by extension. Beyond Russia, there are cyber-criminal organizations that have stated their full support of the Russian government.
These cybercriminals are in great part responsible for major hacks and ransomware attacks taking place around the world. According to Malwarebytes Labs, “If there ever was any doubt that some of the world’s most damaging ransomware groups were aligned with the Kremlin, this sort of allegiance will put an end to it.” So, it is not only state actors such as Russia and its allies that pose a threat to the digital landscape we all live and work in.
So, what does this all mean? Simply put, you must protect your small business 24/7/365 with no days off. The Russian invasion shouldn’t be the only reason you start implementing and following strict cybersecurity protocols.
The Harvard Business Review put it best when it said, “… if you are just now evaluating your cyber posture, you are probably too late. Effective cyber defense is a long game requiring sustained strategic investment, not a last-minute bolt-on.” And this doesn’t apply just to large organizations; it is for everyone, from individuals to freelancers, small businesses, and multinational enterprises.
No matter how many mitigations you put in place to protect your small business, it will not pay off if you don’t also include very strict cybersecurity governance that holds everyone in your small business accountable. With that in mind, make sure to have such governance to protect what you have worked so hard to build.
When it comes to ransomware, these are the recommendations from the FBI:
- Regularly back up data, air gap, and password-protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
- Implement network segmentation.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
- Install updates/patch operating systems, software, and firmware as soon as they are available.
- Use multi-factor authentication where possible.
- Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.
- Disable unused remote access/RDP ports and monitor remote access/RDP logs.
- Require administrator credentials to install software.
- Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
- Install and regularly update anti-virus/anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
- Consider adding an email banner to messages coming from outside your organization.
- Disable hyperlinks in received emails.
- Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).
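To make the advice to monitor remote access/RDP logs concrete, here is an added example (not from the FBI or the original article) that reviews exported Windows logon events for repeated failures, a success following those failures, and RDP logons from outside an expected address range. The sample rows, the 10.20.0.0/16 office range, and the function name `review_rdp_log` are assumptions made for illustration.

```python
import csv, io, ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security log fields (not real data).
# 4625 = failed logon, 4624 = successful logon. LogonType 10 is an RDP
# session; type 3 is a network logon, which is how failed RDP attempts
# appear when Network Level Authentication is on (other services log it too).
SAMPLE = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2022-03-01T02:10:01,4625,3,administrator,203.0.113.50
2022-03-01T02:10:20,4625,3,administrator,203.0.113.50
2022-03-01T02:10:41,4625,3,admin,203.0.113.50
2022-03-01T02:11:05,4625,3,administrator,203.0.113.50
2022-03-01T02:11:30,4625,3,administrator,203.0.113.50
2022-03-01T02:12:40,4624,10,administrator,203.0.113.50
2022-03-01T08:59:10,4625,3,jsmith,10.20.0.15
2022-03-01T08:59:30,4624,10,jsmith,10.20.0.15
2022-03-01T09:05:00,4624,2,frontdesk,10.20.0.22
2022-03-01T23:40:12,4624,10,jsmith,198.51.100.7
"""
# Assumption: the office and VPN clients live in this range.
EXPECTED_SOURCES = [ipaddress.ip_network("10.20.0.0/16")]

def review_rdp_log(text, threshold=5, window=timedelta(minutes=10)):
    """Return sorted (source_ip, finding) pairs that deserve a human look."""
    failures = defaultdict(deque)  # ip -> failure times inside the window
    noisy, findings = set(), set()
    rows = sorted(csv.DictReader(io.StringIO(text)),
                  key=lambda r: r["TimeCreated"])
    for row in rows:
        ip, event, kind = row["IpAddress"], row["EventID"], row["LogonType"]
        when = datetime.fromisoformat(row["TimeCreated"])
        if event == "4625" and kind in ("3", "10"):
            recent = failures[ip]
            recent.append(when)
            while when - recent[0] > window:  # drop failures that aged out
                recent.popleft()
            if len(recent) >= threshold:
                noisy.add(ip)
                findings.add((ip, "repeated_failures"))
        elif event == "4624" and kind == "10":
            if ip in noisy:  # a guessed password may have worked
                findings.add((ip, "success_after_failures"))
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in EXPECTED_SOURCES):
                findings.add((ip, "logon_from_unexpected_address"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, finding in review_rdp_log(SAMPLE):
        print(ip, finding)
```

A single mistyped password from an office machine stays below the threshold and is not reported, while any RDP session from an address outside the expected range is, even with no failures before it.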
These are the recommendations from the CISA:
Protective Controls and Architecture
- Deploy application control software to limit the applications and executable code that users can run. Email attachments and files downloaded via links in emails often contain executable code.
Identity and Access Management
- Use multi-factor authentication where possible, particularly for webmail, virtual private networks, and accounts that access critical systems.
- Limit the use of administrator privileges. Users who browse the internet, use email and execute code with administrator privileges make for excellent spearphishing targets because their system—once infected—enables attackers to move laterally across the network, gain additional accesses, and access highly sensitive information.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Well-maintained antivirus software may prevent the use of commonly deployed attacker tools that are delivered via spearphishing.
- Be suspicious of unsolicited contact via email or social media from any individual you do not know personally. Do not click on hyperlinks or open attachments in these communications.
- Consider adding an email banner to emails received from outside your organization and disabling hyperlinks in received emails.
- Train users through awareness and simulations to recognize and report phishing and social engineering attempts. Identify and suspend access of user accounts exhibiting unusual activity.
- Adopt threat reputation services at the network device, operating system, application, and email service levels. Reputation services can be used to detect or prevent low-reputation email addresses, files, URLs, and IP addresses used in spearphishing attacks.
Vulnerability and Configuration Management
- Install updates/patch operating systems, software, and firmware as soon as updates/patches are available. Prioritize patching known exploited vulnerabilities.
Small Business Administration – Stay safe from cybersecurity threats
National Institute of Standards and Technology – Small Business Cybersecurity Corner
Cybersecurity and Infrastructure Security Agency (CISA) – Cybersecurity training and exercises
StopRansomware.gov is a centralized, whole-of-government webpage providing ransomware resources and alerts. It provides information and resources to help you protect yourself and your business against ransomware and respond to it.
You can get cyber hygiene services at no cost from the CISA to help identify and reduce your exposure to threats, including ransomware. You can request the service if your business is part of any critical infrastructure organization, no matter how small your company is. The goal is to find ways to reduce risk and mitigate attack vectors.
The key to securing the digital presence of your small business is to have a strong security protocol in place, maintain strict governance, and stay vigilant.