The Russian invasion of Ukraine has drawn significant attention to the challenges of cybersecurity. These events have created the conditions for a global cyber threat of massive proportions and with few practical limits. In the current state of affairs, any information technology environment, regardless of its country of origin or purpose, may be exposed to deliberate disruption or degraded operations. 

Addressing this cyber threat is a never-ending task that requires a defensive strategy to minimize the impact on vital operations and on the business. A key and proven strategy for weathering the current crisis is to be prepared before an attack occurs. This applies not only to public safety and public services but equally to businesses in every sector and vertical.

The need for preparation has been widely stated. This week, the Department of Homeland Security (DHS) warned U.S. organizations to be prepared for a cyber attack although DHS Secretary Alejandro Mayorkas said there is no information to suggest a "specific credible cyber threat against the U.S. homeland." Officials in the U.K. issued a similar warning.

Precisely what form any hacks in the U.S. may take remains to be seen. The Federal Bureau of Investigation (FBI) warned organizations to be on the watch for ransomware, like the attack that crippled the Colonial Pipeline last year. 

Last week Russian President Vladimir Putin warned that any foreign attempts to interfere with Russia's actions would lead to "consequences you have never experienced," according to the Kremlin. 

DHS has been urging U.S. businesses and organizations to be prepared for cyber attacks, despite the lack of specific threats. According to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, "Russia may consider taking retaliatory action in response to sanctions that may impact our critical infrastructure."

Potential response to sanctions

The attack on Ukraine has led to global condemnation of Russian aggression, resulting in economic sanctions severely limiting the country's access to the international banking network Society for Worldwide Interbank Financial Telecommunication (SWIFT). 

In retaliation, Russian Advanced Persistent Threat (APT) actors could target U.S. and international organizations, including defense contractors, healthcare organizations, telecommunications providers and the energy sector. 

In the past, Russian APT actors have used spear-phishing and brute-force password attacks against accounts and networks with weak security controls. 

Russian cyber attack landscape

Russian cyber operations represent a genuine and sophisticated threat to various sectors in numerous countries and regions. Russian intelligence services view corporations, governments, and society as opportunistic targets to exploit using espionage and disinformation operations. The Russian state brings resources that many of the organizations they target can't match.

How can organizations prepare?

We encourage our customers and partners to be fully prepared. This includes having an action plan for the breach that may unfortunately occur. A prescriptive plan is recommended, but one focused on what is relevant to the business. Create and test a cyber incident response plan and a business and cyber resilience plan so that critical business functions keep running if technology systems are disrupted or must be taken offline. Enhance your organization's cyber posture and consider the following:

  • Apply core cyber defense practices: encryption, firewalls, multifactor authentication and other basic security controls.
  • Increase organizational resilience – understand what your most critical business functions are.
  • Ensure you have an incident response plan to help your organization rebound if business functions are impacted.

Recommendations and immediate actions

Organizations should immediately review their internal security posture and prioritize key areas. Increase security operations in your environment with an emphasis on monitoring, detection, isolation and recovery. Ensure security personnel monitor key internal security telemetry and can identify anomalous behavior, including at off-peak times: malicious cyber actors often target organizations on weekends and holidays, when gaps exist in organizational cybersecurity coverage.

Beyond these steps, we recommend close attention to the following tactical capabilities, which are essential to managing operations during an incident. 

Incident response

  • Focus on detecting potential APT activity.
  • Upon detection of questionable activity, ensure you can immediately isolate affected systems.
  • Secure backups and ensure a copy of your data is kept offline and protected.
  • Have a solid recovery process for all IT, security, and business systems.
  • Have a contingency in place to obtain support from a third-party cybersecurity organization with expertise in cyber recovery.

Identity and access management

  • Require multifactor authentication for all users.
  • Require strong passwords and secure credentials for all accounts; this includes changing any default passwords.
  • Set a firm password policy for service accounts.

Security controls and architecture

  • Identify, detect and investigate abnormal network access and user behavior.
  • Endpoint detection and response (EDR) and network monitoring tools are good at identifying and managing lateral connections across the network.
  • Educate your employees and staff on identifying phishing emails.
  • Block executable file attachments at the email gateway.
  • Your employee security training plan should teach users to identify and not visit malicious websites or open suspicious attachments.
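As an added illustration of the monitoring and anomaly detection these recommendations call for (the brute-force password attacks noted earlier, abnormal access, and activity on weekends and off hours), the following Python script runs two simple detections over constructed auth log lines. It is example code written for this page, not WWT's or any vendor's tooling; the log line format, the five-failures-in-five-minutes threshold and the 08:00-18:00 UTC business window are assumptions chosen for illustration.

```python
"""Added example (not WWT's code): two simple detections over constructed auth logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (not captured from a real system). The line format is an
# assumption for this example:
#   <ISO-8601 UTC timestamp> <host> auth: user=<name> src=<ip> result=<OK|FAIL>
SAMPLE_LOG = """\
2022-02-25T09:15:02Z vpn01 auth: user=jsmith src=198.51.100.20 result=OK
2022-02-26T03:12:01Z vpn01 auth: user=admin src=203.0.113.7 result=FAIL
2022-02-26T03:12:04Z vpn01 auth: user=admin src=203.0.113.7 result=FAIL
2022-02-26T03:12:07Z vpn01 auth: user=admin src=203.0.113.7 result=FAIL
2022-02-26T03:12:10Z vpn01 auth: user=admin src=203.0.113.7 result=FAIL
2022-02-26T03:12:13Z vpn01 auth: user=admin src=203.0.113.7 result=FAIL
2022-02-26T03:12:40Z vpn01 auth: user=admin src=203.0.113.7 result=OK
2022-02-28T11:40:19Z vpn01 auth: user=jsmith src=198.51.100.20 result=FAIL
2022-02-28T11:40:31Z vpn01 auth: user=jsmith src=198.51.100.20 result=OK
this line is deliberately malformed and must be skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Parse log text into event dicts with a timezone-aware 'ts'; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line: ignore rather than crash the pipeline
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed logins inside `window` (sliding over failures).

    Each finding records whether the same source then logged in successfully within
    `window` of the last failure, which points to a compromised credential.
    """
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)
    findings = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "FAIL"]
        for i in range(len(fails) - threshold + 1):
            first, last = fails[i], fails[i + threshold - 1]
            if last["ts"] - first["ts"] <= window:
                success = next(
                    (e for e in evs
                     if e["result"] == "OK" and last["ts"] < e["ts"] <= last["ts"] + window),
                    None,
                )
                findings.append({
                    "src": src,
                    "failures": threshold,
                    "start": first["ts"],
                    "succeeded_as": success["user"] if success else None,
                })
                break  # one finding per source is enough to raise an alert
    return findings


def detect_off_hours(events, start_hour=8, end_hour=18):
    """Flag successful logins on weekends or outside [start_hour, end_hour) UTC."""
    findings = []
    for ev in events:
        if ev["result"] != "OK":
            continue
        weekend = ev["ts"].weekday() >= 5  # Monday=0 ... Saturday=5, Sunday=6
        off_hours = not (start_hour <= ev["ts"].hour < end_hour)
        if weekend or off_hours:
            findings.append({"user": ev["user"], "src": ev["src"], "ts": ev["ts"], "weekend": weekend})
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in detect_brute_force(evs):
        print("BRUTE FORCE:", f)
    for f in detect_off_hours(evs):
        print("OFF HOURS:", f)
```

The thresholds are starting points to tune against your own baseline, and a burst of failures followed by a success from the same source deserves priority over either signal alone: it indicates a credential that has already been guessed, not merely an attempt.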

Vulnerability management

  • Update software on all IT systems, applications and firmware.
  • Prioritize patching known exploited vulnerabilities, especially the critical and high vulnerabilities.
  • Where possible, isolate high-value assets through network segmentation as part of a defense-in-depth approach.

While a pervasive global cybersecurity threat is not new, the current one raises the bar for every business in terms of diligence and deliberate defensive capabilities. WWT can assist organizations not only in preparing but also in defining a holistic strategy tied to protecting the business. 
