A week before Russia launched its invasion of Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) released a rare cyber “Shields Up” warning. CISA said there are no specific or credible cyber threats to U.S. territory at this time. However, it also goes on to say, “Every organization, large or small, must be prepared to respond to disruptive cyber activity.”
The Russian Invasion and Cybersecurity Threats
The “Shields Up” warning is directed at the US private sector, and its deployment is partly based on Russia’s denial-of-service attack on Ukraine by its military. There is no denying that the cyber threat is very real. But will it affect or target small businesses in any way?
While your small business may not be directly threatened, the public and private organizations it relies on to stay operational could be. This is where the term collateral damage comes in. If these organizations are attacked or undermined, your small business will suffer by extension. Beyond Russia, there are cybercriminal organizations that have declared their full support for the Russian government.
These cyber criminals are largely responsible for the major hacking and ransomware attacks taking place all over the world. According to Malwarebytes Laboratories, “If there was ever any doubt that some of the most harmful ransomware groups in the world were aligned with the Kremlin, this kind of allegiance will put an end to it.” Thus, it is not just state actors such as Russia and its allies who pose a threat to the digital landscape in which we all live and work.
So what does all this mean? Simply put, you need to protect your small business 24 hours a day, 7 days a week, 365 days a year, with no days off. The Russian invasion shouldn’t be the only reason you start implementing and following strict cybersecurity protocols.
The Harvard Business Review put it better when it said, “…if you just rate your cyber posture now, you’re probably too late. Effective cyber defense is a long game that requires sustained strategic investment, not a last-minute addition.” And that doesn’t apply just to large organizations; it’s for everyone, from individuals to freelancers, small businesses and multinational corporations.
No matter how many mitigations you put in place to protect your small business, it won’t pay off if you don’t also include very strict cybersecurity governance that holds everyone in your small business accountable. With that in mind, make sure you have such governance to protect what you’ve worked so hard to build.
As far as ransomware goes, here are the FBI’s recommendations:
- Regularly back up data, and air-gap and password-protect backup copies offline. Ensure that copies of critical data are not accessible for modification or deletion from the system where the data resides.
- Implement network segmentation.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, cloud).
- Install operating system, software, and firmware updates/patches as they become available.
- Use multi-factor authentication whenever possible.
- Use strong passwords and change system and network account passwords regularly, implementing the shortest acceptable time frame for password changes. Avoid reusing passwords for multiple accounts.
- Disable unused remote access/RDP ports and monitor remote access/RDP logs.
- Require administrator credentials to install software.
- Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
- Install and regularly update anti-virus/anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
- Consider adding an email banner to messages from outside your organization.
- Disable hyperlinks in received emails.
- Focus on cybersecurity awareness and training. Provide users with regular training on information security principles and techniques as well as emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams).
These are CISA’s recommendations:
Protective controls and architecture
- Deploy application control software to limit the applications and executable code that users can run. Attachments to emails and files downloaded via links in emails often contain executable code.
Identity and access management
- Use multi-factor authentication whenever possible, especially for webmail, virtual private networks, and accounts that access critical systems.
- Limit the use of administrator privileges. Users who browse the Internet, use email, and run code with administrator privileges are prime targets for spear phishing because their system, once infected, allows attackers to move laterally across the network, gain additional access and access highly sensitive information.
- Enable anti-virus and anti-malware software and update signature definitions in a timely manner. Well-maintained anti-virus software can prevent attack tools commonly deployed through spearphishing.
- Beware of unsolicited email or social media contact from anyone you don’t know personally. Do not click on hyperlinks or open attachments in these communications.
- Consider adding an email banner to emails received from outside your organization and disabling hyperlinks in received emails.
- Train users through awareness and simulations to recognize and report phishing and social engineering attempts. Identify and suspend access to user accounts exhibiting unusual activity.
- Adopt threat reputation services at the network device, operating system, application, and messaging service levels. Reputation services can be used to detect or prevent low reputation email addresses, files, URLs and IP addresses used in spear phishing attacks.
Vulnerability and configuration management
- Install operating system, software and firmware updates/patches as soon as the updates/patches are available. Prioritize patching known exploited vulnerabilities.
Small Business Administration – Stay safe from cybersecurity threats
National Institute of Standards and Technology – Small Business Cybersecurity Corner
Cybersecurity and Infrastructure Security Agency (CISA) – Cybersecurity training and exercises
StopRansomware.gov is a centralized, government-wide web page providing ransomware resources and alerts. It provides information and resources to help you protect yourself and your business from ransomware and respond to it.
You can get cyber hygiene services free of charge from CISA to help you identify and reduce your exposure to threats, including ransomware. You can request the service if your business is part of a critical infrastructure organization, regardless of size. The goal is to find ways to reduce risk and mitigate attack vectors.
The key to securing your small business’s digital presence is having a strong security protocol and strict governance in place, and staying vigilant.