Nine Cyber Controls for a Geopolitically Disruptive Environment
April 12, 2022
News outlets and cybersecurity professionals worldwide had been sounding the alarm about various increased risks since the Russia-Ukraine conflict began. There is one avenue of attack that most pundits didn’t initially consider, however: cyberattacks. One example is the hundreds of websites in Ukraine that were targeted and brought down a day after the invasion.
Conflict can happen in many ways. Cyber warfare includes using digital means to disrupt or destroy an organization’s operations. Methods include espionage (intercepting communications/obtaining credentials or data), sabotage (shutting down or controlling vital systems/erasing data), and propaganda or disinformation (influencing public opinion via social media). This just scratches the surface of what’s possible.
Why Worry Now?
Not only is there great concern about armed spillover between the two nations, there is concern about cyber-spillover, too. The 2017 NotPetya global ransomware attack is a good example. What was thought to be a targeted attack from Russia to Ukraine eventually spread across the world, causing billions of dollars of damage. It’s easy to see from this example how this could happen again, given the numerous countries imposing economic sanctions on Russia.
Firms need to work with their technology teams and ensure as many of the controls listed below are in place. This is by no means a complete list, but it will provide meaningful guidance to increase your organization’s cyber posture.
Enable Multi-Factor Authentication
Start with your email services if not already in place. Then, layer in VPN or any remotely accessible services.
Have a Business-Grade Firewall
Are your intrusion prevention and detection rules properly configured? Set up country blocking, and block traffic to/from any countries with whom you’re not doing business. Block all non-used inbound and outbound ports.
Layer Email Filtering
Similar to the firewall, get country blocking in place if supported. Block emails containing non-standard character sets. Does your IT provider have the knowledge to properly configure highly sensitive email security protocols that ensure delivery of emails (e.g., DKIM, DMARC, SPF)?
Deploy Advanced Endpoint Protection
Because legacy protection that is dependent on definitions might not be able to keep up with traffic, leverage newer AI-driven solutions such as Cylance, SentinelOne and CrowdStrike. Add further layers of security such as Endpoint Detection and Response technologies.
Perform Additional Country Blocking
Add country blocking not only from your firewall but any hosted services that support it. If your organization uses Microsoft Office 365, set up conditional access policies to restrict by location and block all non-essential information.
Update Your Computers
Most infections are thwarted simply by having a good patch management system in place. Infections like WannaCry, which impacted hundreds of thousands of machines and froze companies like FedEx, could have been mitigated by proper patching practices. Patch third-party products like Adobe Acrobat, 7-Zip and other common applications. Any application installed and unpatched has the potential to provide exposure. Remove applications that aren’t used in the organization. This reduces the attack surface and the technology needed to manage these updates.
Restrict Applications
Leverage tools for application whitelisting and blacklisting. One key area to enforce is ringfencing. This is the practice of restricting which other applications or services the applications you run can access.
Check Your Incident Response Plan
When, not if, an incident occurs, you don’t want to be determining your plan on the spot. There is nothing worse than attempting to make critical business decisions under pressure. Get a plan in place when you want to, not when you need to. Consider running a tabletop exercise. This is when you talk through examples of incidents and walk through your incident response plan to ensure any holes are addressed.
Test Your Backups
At a minimum, test your local and offsite backups. Test the restore process at least once a quarter. Evaluate if a full continuity solution makes sense for the business.
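For the email filtering control above, one way to check whether SPF and DMARC are configured to enforce rather than only monitor is to audit the published TXT records. The script below is an added example, not part of the original article; the function names are hypothetical, the records are constructed samples, and it inspects record text offline rather than querying DNS.

```python
# Added example: offline audit of SPF and DMARC TXT records for weak settings.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(record):
    """Return findings for one SPF TXT record (RFC 7208 syntax)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings, lookups, terminated = [], 0, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = term.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0]
        lookups += name in LOOKUP_TERMS  # top level only; nested includes add more
        terminated = terminated or name in ("all", "redirect")
        if name == "all" and qualifier == "+":
            findings.append("+all authorizes any host to send as this domain")
        elif name == "all" and qualifier in "~?":
            findings.append(qualifier + "all does not ask receivers to reject unlisted senders")
    if not terminated:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10")
    return findings

def audit_dmarc(record):
    """Return findings for one DMARC TXT record (RFC 7489 tag=value list)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record: must start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: receivers are not asked to quarantine or reject failures")
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains are left without enforcement")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of the failing mail")
    if "rua" not in tags:
        findings.append("no rua address: no aggregate reports to review")
    return findings

if __name__ == "__main__":  # constructed sample records; example.com is a placeholder
    print(audit_spf("v=spf1 include:_spf.example.com ~all"))
    print(audit_dmarc("v=DMARC1; p=none; pct=50"))
```

An empty list means none of these weaknesses were found in the record text; it does not confirm that DKIM signing is in place or that every legitimate sender is listed.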
It’s important to enhance your organization’s cyber posture and increase vigilance, especially during these uncertain times. Studies show the U.S. is the main target for such attacks, with small businesses bearing the brunt. Reach out to your in-house IT lead or third-party IT provider to get more information or guidance on the above controls.
Brandon Bowers is director, EisnerAmper Digital. Questions? He can be reached at firstname.lastname@example.org or 954.779.6511.