Both the public and private sectors around the world recognize that information security is a priority. With more people than ever working from home and the world witnessing Russia's invasion of Ukraine, the need for operational cyber resiliency has increased.
McAfee Enterprise and FireEye released findings in Cybercrime in a Pandemic World: The Impact of COVID-19, revealing that 81% of global organizations experienced increased cyber threats during the pandemic. 79% of those organizations also suffered from downtime during a peak season.
Cyber threats to critical infrastructure can have devastating consequences. Power grids, pipelines, transportation, and healthcare, for example, need continuous activity to provide service to citizens. Any disruption could end in significant financial loss and the loss of life.
Cyber Resiliency Advisories to Combat Russian Efforts
The Russian government is targeting the infrastructure of Ukraine and Western nations. Recent publications show Russia is engaging in a cyberwar, with attempts to steal, disrupt, or otherwise influence elections, healthcare, aviation, and critical manufacturing (not an exhaustive list).
Russian state actors use many different tactics to gain access to targeted networks. Historically, spear-phishing, brute force/password spray attacks, and exploitation of security vulnerabilities have been observed.
Lately, the Cybersecurity & Infrastructure Security Agency (CISA) and the FBI have alerted that Russia is using destructive malware to render computer systems completely inoperable.
- January 15, 2022: Microsoft disclosed that malware known as WhisperGate was being used against the government and various organizations within Ukraine to destroy their computer systems.
- February 23, 2022: Russian malware known as HermeticWiper was found to target Windows devices, manipulating the master boot record and resulting in a subsequent boot failure.
Some of Russia’s worst cyber operations have been attributed to its main intelligence agency, the GRU. These include attacks aimed at spreading disinformation, spying, and destroying cyber capabilities around the world. In light of Russia’s recent invasion of Ukraine, agencies have been issuing cyber resiliency advisories to combat malicious cyber actors.
What is Cyber Resiliency?
According to NIST, it is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”
From a risk management perspective, cyber resiliency is about measuring how robust your cyber defense systems are and taking measures to improve them. Advisories from CERTs and other governing bodies provide guidance to help improve your overall cyber resiliency (also known as your “posture”). Recently, CISA, the FBI, and the NSA have issued guidance to combat Russian state-sponsored cyber attacks.
Robust cyber resiliency includes regularly reviewed reporting processes and an updated cyber incident response plan and continuity plan. Organizations should follow best practices for identity and access management. Effective cyber resiliency also requires you to implement protective controls and vulnerability and configuration management, and continuously monitor for new threats.
You might be asking yourself, how do I DO those things?
To effectively respond to a network intrusion, an organization should:
- Build a cybersecurity culture from day one.
- Have a plan detailing how to report potential cyber incidents and to whom they should be reported.
- Assign key points of contact and address their individual roles and responsibilities.
- Assign backup personnel for key points of contact in case someone is unavailable.
- Conduct periodic testing of the plan.
- Follow best practices, such as requiring multi-factor authentication and adopting a zero-trust security model.
- Ensure assets are protected with antivirus/antimalware software and kept up-to-date with the latest security patches.
As of March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was signed into law under the Consolidated Appropriations Act 2022. This act requires critical infrastructure organizations to report cyber incidents to CISA within 72 hours after the incident occurs. Organizations will then need to keep CISA informed until the incident is closed, including reporting any ransom payments within 24 hours.
While this new regulation is an effort to improve the nation’s cybersecurity, it’s likely the increasing threat from Russia was on Congress’ mind when passing this law.
Cyber resiliency isn’t just for government, infrastructure, and large enterprises. Any organization can be at risk of an attack. Cyber security and data privacy work together to ensure the safety of your information systems. Don’t wait until it’s too late to have a privacy program and cyber resiliency plan in place.