As we watch the events unfolding in Ukraine, our hearts go out to all of those affected. We hope for resolution and for a path to peace. While we offer our love and support to everyone touched by this heartbreaking crisis, it’s important to be mindful of the far-reaching impacts geopolitical events can have on businesses in the U.S. and around the world, such as cyberwarfare.
The Reality of Cyberwarfare
Cyberwarfare has become the fifth dimension where “battles” can take place – alongside land, sea, air, and space. With that reality, anyone that does business online could be impacted. The impact may also be indirect: tools or vendors that your organization uses to keep the business running could ultimately be affected.
There are no specific, known cyber threats against standard platforms in our industry, at the time of this writing. However, these situations can (and most likely will) change rapidly. There is a high likelihood that a “localized” cyberattack – intended to be against a specific target – will spill over into the Internet as a whole. That type of scenario was seen in 2017 with the NotPetya malware attack. NotPetya was only intended to impact Ukraine, but quickly spread to systems throughout Europe and other locations. Geography doesn’t always limit the impacts of cyberwarfare.
How is ADNET addressing the evolving cybersecurity concerns?
In the absence of specific vulnerabilities or cyberattacks being conducted, our focus is on gathering threat intelligence. ADNET is prioritizing our protection systems/postures to ensure they are ready for what may come down the road.
ADNET receives threat intelligence information from a wide variety of sources – government, industry, and other managed security services providers – on a continual basis. We use this information along with what we are seeing ourselves to steer our actions. This information also informs the recommendations ADNET makes to its client base.
Additionally, ADNET continues to work directly with our cybersecurity partners to verify the actions they are taking within their platforms to help protect shared clients. Our cybersecurity team collaborates with several organizations to provide elevated levels of protection and response services through 24×7 Security Operation Centers (SOC). We are in continual dialogue with our SOC partners to make sure we have the latest information, and our solutions are frequently tuned as needed based on it.
How can I protect my business from cyberwarfare?
Typically in our posts, we address a clearly defined threat with specific actions we recommend to protect your systems. However, that’s not the case here. This is an update on an evolving cybersecurity situation and a proactive recommendation to take necessary precautions. The best analogy is that there’s a storm brewing in the Atlantic that could become a hurricane and impact you. Or it could go out to sea and miss you entirely. Nonetheless, taking precautions is always a good thing with cybersecurity.
- Protect Your Access – Multifactor Authentication (MFA) is a must for any remote access or cloud-based systems that you have in place. MFA is a critical component in keeping unauthorized users from gaining access to your system. Verify that MFA is in place for your key systems and if not, get plans in place ASAP.
- Protect Your Systems – Endpoints need to be properly protected, and the threats of today cannot necessarily be stopped by the solutions of the past. You need to make sure the basics – such as ensuring software patches are in place and kept up to date – are being done, in addition to utilizing more advanced products such as endpoint detection and response (EDR) solutions. Be sure to have logging enabled on all critical systems and a place for these logs to be stored. If an event does happen, this information is crucial.
- Protect Your Data – While it is always our goal to keep bad things from happening to systems, there is always a chance that an organization can be a victim of a cybersecurity event. Therefore, it is critical to make sure you have proper backups, no matter how many levels of security you have in place. If all else fails, these backups can be the thing that saves the day. You need to make sure your critical data (stored in your physical office or in the cloud) is protected and that the backups are working/have been tested.
- Protect Your Users – Lastly, we need to make sure the users are protected. They are the most critical element in the system. Sharing information regarding these threats, reminding the team to beware of phishing emails and regularly training them on security concepts can go a long way.
There is a wealth of information online regarding how to best protect your organization, but one of the best collections of content is from the Cybersecurity & Infrastructure Security Agency (CISA). They recently launched the Shields Up program to provide businesses of all shapes and sizes with guidance on a variety of security-related topics.
As we mentioned, it is highly likely this situation will continuously change. ADNET is monitoring these evolving situations and will provide updates as needed. In the interim, please do not hesitate to reach out to us with any questions.