Since late February, Russian President Vladimir Putin’s soldiers, artillery and tanks have poured across the border and into Ukraine, a country roughly the size of Texas.
Even with the help of foreign aid and various sanctions on Russia, the outcome remains unclear.
Overseas and more than 5,000 miles away, the United States is facing a different kind of Russian threat: cyber warfare.
In preparation, many businesses have taken measures to bolster their IT security, a trend reflected by the sudden, sharp spike in cyber security stocks.
In this article, we discuss the impact that a Russian cyber attack could have on your business, how it could be deployed, and what you can do to protect your assets and your clients.
The Growing Danger of a Russia Cyber Attack
Russian cyber attacks against Ukraine and the U.S. are nothing new.
In 2015, Russian hackers induced a six-hour blackout on the Ukrainian power grid. In 2016, another attack successfully severed power to a large portion of Kyiv. These incidents were not merely an attack against Ukraine; they were a message to the rest of the world.
Around this time, 10 U.S. utilities discovered that Russian malware had infected their systems. This prompted a major scrubbing effort and sparked renewed efforts to devise cyber security strategies and fail-safes.
In the week leading up to the military attack on Ukraine, Russian hackers launched a cyber attack against Ukrainian banks and government websites. When the news reached the U.S., urgent discussions between financial services and security agencies began in preparation for Russian cyberattacks.
In response to the ongoing Russian threat, the decentralized “hacktivist” collective known as Anonymous retaliated with their own cyber attack against Russia earlier this month. Several state-run TV channels were hijacked to air pro-Ukraine content.
Meanwhile, a DDoS attack knocked out official government websites and media outlets, including the Kremlin, the Ministry of Defense, and Russia Today.
|Interested in learning more about defending against Russian cyber attacks? Check out these blogs:|
How Likely is a Cyber Attack From Russia?
Long before the invasion of Ukraine, Russia had been considered an Advanced Persistent Threat (APT) by the Cybersecurity and Infrastructure Security Agency (CISA).
With most of the United States’ economy dependent on the Internet of Things (IoT), CISA’s cybersecurity experts have long been wary of a potentially disruptive and destabilizing Russian cyber attack against American infrastructure.
At a press conference in February 2021, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, warned against the Russian APT. At the time, 100 private sector organizations and nine federal agencies had just been compromised by cyber attacks of unknown origin.
Neuberger stated, “The intelligence community is looking at who is responsible. Until that study is complete, I’ll use the language we previously used, which was to say an advanced persistent threat actor, likely of Russian origin, was responsible.”
Fast-forward to March 2022: Nvidia, America’s largest microprocessor manufacturer, fell victim to a cyber attack. This led to a massive data breach in which employee credentials and trade secrets were publicly leaked.
Though the connection to Russian hacking is tenuous for now, the incident has sparked even greater concerns over cyber security threats.
How to Defend Against a Cyber Attack from Russia
If you’re feeling anxious about a Russian cyber attack, you’re not alone. However, there are plenty of ways to improve the security of your cyber operations. Let’s look at some common Russian cyber threats and how you can thwart them.
1. Beware of Phishing Scams
According to CISCO’s 2021 Cybersecurity Threat Trends, 86% of companies reported at least one incident where an employee opened a phishing link.
This shouldn’t come as a surprise given that phishing scams represent the primary attack vector used by hackers. In fact, 90% of successful cyber attacks can be traced back to some form of social engineering.
Whether through email or social media, against employees or C-level staff, these attacks come in all shapes and sizes. Some common variations include:
- Email phishing
- Spear phishing
- Smishing and vishing
- Angler phishing
Because phishing scams leverage human psychology, the best defense is to educate your staff. Information security training can be used to teach them about the prevalence, dangers, and protocols for dealing with phishing scams.
2. Use Strong Passwords
Strong passwords remain one of the simplest and most effective preventative strategies against cyber attacks. In addition to being strong, passwords should also be unique, meaning that no two logins use the same one. A strong password includes:
- A minimum of eight characters, though more is better;
- Both upper and lowercase letters;
- Both letters and numbers;
- One or more special characters (such as !, @, #, $, ?, etc.)
You can also implement an encrypted password manager. This enables you to store and generate passwords; however, a keystroke-logger could theoretically reveal your master password to a hacker.
3. Enable Multi-Step Authentication
While strong passwords are a good start, they’re not always enough to keep your accounts secure.
That’s where multi-step authentication comes in, whereby two or more pieces of identification are needed to access an account. These additional layers of security comprise four main categories:
- Possession: An object you physically have, such as a security token.
- Knowledge: A piece of information known only to you, such as a password, PIN, or answer to a security question.
- Inherent: A personal biometric characteristic, such as your face, iris, or fingerprint.
- Location: A connection to a particular computing network or having distinct GPS coordinates.
Protect Your Business From Russian Cyber Attacks
Partner with Power Consulting and strengthen your information security practices.
4. Keep Your Software Patched and Up-to-Date
Hackers rarely use zero-day attacks. In fact, most exploits are discovered by simply reverse-engineering the latest software updates and patches.
That’s why it’s critical to stay on top of new updates and patches across all your devices. Because this can be a time-consuming practice, enable automatic updates wherever possible.
5. Rehearse and Refine Your Business Continuity Plan (BCP)
If worse comes to worst, a business continuity plan (BCP) is your best chance at surviving a successful Russian cyber attack.
Of course, even after you’ve developed a sophisticated BCP, it’s essential to rehearse the procedures between once a month and once every quarter, depending on the complexity of your IT environment.
Moreover, as you introduce new IT assets and infrastructure into your ecosystem, make sure to incorporate them into your BCP. For data, frequent backups are a must, both in the cloud and on-premises.
Defend Your Business Against Russian Cyber Attacks With Power Consulting
Now that Russian military forces have invaded Ukraine, many of us are following the news in a mix of hope and horror.
But even as we hope for a fast and peaceful resolution in Ukraine, we cannot lose sight of the looming threat of a Russian cyber attack against American businesses.
If you’re looking to fortify your cybersecurity defenses, Power Consulting can help. We offer comprehensive cybersecurity packages that cover everything from hackers to phishing scams. Contact us today to get your free assessment.