Russia’s invasion of Ukraine has involved comprehensive cybersecurity attacks, both military in origin as well as activist-oriented. These attacks have seen significant success including but not limited to:
- Complete disruption of internet service for large regions
- Compromise and unavailability of websites and communication systems
- Breach of corporate and banking concerns
- Compromise of logistics and supply chain companies
- Threatened attack on sympathetic organizations on an international scale
As a result, businesses should be on heightened alert, and should communicate to all employees, about the possibility of crippling attacks on their technology infrastructure or on the interconnected systems on which they rely. Vigilance and diligence are important in today’s heightened risk environment.
We, at Rea, are very concerned about both targeted attempts to compromise U.S. systems as well as collateral, untargeted, events suffered by entities caught in the cyber-attack scenario. Of particular risk are international organizations, those doing business with Ukraine or Russia, and those with supply chain requirements in Ukraine or Russia.
We urge everyone to engage with their internal and external resource to ensure proper management and monitoring your network is in place and effective. The threats responsible for the items noted above are severe, fast-acting, and comprehensive.
At a minimum, Rea recommends:
- Ensuring all of your systems are patched and up-to-date.
- Ensuring your firewalls (protecting your internal network from the external world), are managed and monitored. This means you know who can access them and they are able to respond to concerns quickly.
- Computers are running up-to-date malware and antivirus protection. Best case scenario is they are also protected by advanced Endpoint Protection tools.
The federal Cybersecurity and Infrastructure Security Agency (CISA) has issued a broader warning message with suggested guidance for all U.S.-based companies to consider as a minimum set of steps to mitigate your risks of exposure.
This guidance can be found at: https://www.cisa.gov/shields-up. If you are unsure of the content or have questions, please connect with Rea or your IT provider immediately.
By Paul Hugenberg, III, CISSP, CRISC, CISA, CMMC-RP, QSA (Wooster Office)