They say in a time of crisis that the most important response is to stay calm.
Between two events last week – the CISA “Shields Up” Campaign and the much forecasted Russian invasion into Ukraine – it is challenging to maintain the inner zen for cybersecurity folks these days. I know I am not alone.
There are two key questions for cybersecurity professionals in times like these:
How do we convey the sense of urgency around this new normal without causing panic or sounding like “the sky is falling”? And, what do we counsel others to do about it?
For the first question, a quote from the former US president Lyndon Johnson comes to mind. After hearing his senior economics advisor provide a speech in the Oval Office, LBJ responded dryly, “Making a speech on economics is a lot like pissing down your leg. It seems hot to you, but it never does to anyone else.”
A similar statement could be made about cybersecurity and the tragedy occurring in the Ukraine right now.
It’s challenging to distill that warmth-on-the-thigh feeling into outright five-alarm-fire awareness for our friends and colleagues. With that caveat, here is one attempt:
There is a very good possibility that by the time you are reading this, your information security teams are sending their own five-alarm emails about “HermeticWiper” virus, Conti ransomware and other cyber attacks related to Russia’s offensive into Ukraine.
When I read advisories from Qualys, PaloAlto Networks, Tenable, CrowdStrike and others, I was not surprised.
A recent deep dive into the evolution of cybersecurity and the current arms race, This Is How They Tell Me The World Ends, opens with the author experiencing Russian cyber attacks while visiting friends in Kyiv in 2016. The author, Nicole Pelroth, describes the Russian Petri dish of trial-and-error cybersecurity strategies that were employed for years against Ukrainian networks following Russia’s first incursion there in 2014. The author posited Ukraine was a fantastic target for testing Russian APT (Advanced Persistent Threat) cyber tactics before applying these same tactics to other challengers to Russian hegemony.
Maybe now your leg is warm, too?
Well, what can you or your organization do?
While this challenge seems daunting, there are steps you can take in the near term to help assuage the threats. None of these are fix-all solutions, but they all help harden your organization’s security. And even if the current situation in Eastern Europe was not driving heightened risk, these are important steps for every company in the technology-enabled business environment of today:
Address your weakest link, people. Implement multi-factor authentication if you have not already. Coach and re-coach your people about ways bad actors try to steal your employees’ credentials, such as romance scams, and how they can further the identity fraud for ransomware and other nefarious operations.
Tighten your Incident Response Plan. This act not only benefits your insurance premiums and ability to get a positive response from your provider if you suffer a cyber loss, but also raises the likelihood of a more positive outcome.
Run Tabletop simulations. Tabletops allow internal stakeholders involved in a cyber incident to test their muscle memory, so they know what to do during an event. Tabletops mitigate the pressure of the moment and the potential for poor ad hoc decisions. A sample of key questions to answer and prepare for:
Should we pay the ransom?
When and how do we securely validate our back-up data is secure (i.e. immutable back-up)?
When do we notify law enforcement?
Rinse and repeat.
If these pain points resonate, let us know. We have helped clients in all of these areas. Reach out and let’s start putting these fears to bed, together.