The effects of global geopolitical actions and their real-world impact on individuals and organizations have increased in severity and magnitude in recent years. Currently, Russian actions in Eastern Europe are developing into a “when” not “if” scenario.
This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued a “SHIELDS UP” advisory. In the advisory, CISA states that the “Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives.” Given the situation in Ukraine, there is concern about an escalation of cyber threats and their impact on companies here in the United States.
In 2014, when Russia annexed Crimea, a new method of long-discussed warfare that had not been seen at this scale, was unleashed on the world. The battlespace was digital, with Russian actors deploying malware attacks to disable critical infrastructure and communications across the country. In response, companies like Mandiant FireEye released data showing an unprecedented uptick in malicious activity, originating from Russia, that was touching every continent as the tactics and weapons used in Crimea became available on the black market and threat actors began deploying their own versions in their cyber attacks.
Today, the lessons learned from the past should not be forgotten or overlooked simply because, once again, the conflict is on the other side of the world. Moreover, in 2014, the most targeted industry verticals were:
However, the impact was quantifiable in legal, wholesale, and agriculture, as well.
No organization should consider themselves safe via “security through obscurity”, or not being regarded as critical infrastructure. Domino or ripple effects can also be catastrophic for non-targeted businesses.
The CISA advisory opens with the following: “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.”
Companies in the US should be preparing for the reverberations of potential cyber-attacks by reviewing their Incident Response Plans and engaging with their Business Continuity and Disaster Recovery teams. The readiness of key leadership and personnel inside a company, to take action in the event of an outage or shutdown, can help reduce panic and mitigate damage while getting operations back up and running as quickly as possible should an event occur.
At Zaviant, our team of experts spends time learning the intricacies of our clients’ businesses to provide the most comprehensive solutions possible. We can alleviate your cyber threat concerns with services that support actions recommended by CISA.
Zaviant can reduce the likelihood of a damaging cyber intrusion through our cyber vulnerability assessment process. We’ll identify gaps in your network and applications and provide a plan to address known exploited vulnerabilities.
Zaviant can ensure that your organization is prepared to respond if an intrusion occurs with a Cyber Incident Response Plan, which includes designating a chain of command and tabletop exercises to ensure that all participants understand their roles during an incident. And Zaviant can maximize your organization’s resilience to a destructive cyber incident with an assessment of your Business Continuity and Disaster Recovery plans to ensure that critical data can be rapidly restored if the organization is impacted by a cyberattack.
Bolster Your Cyber Defenses & be Prepared
Contact us today to discuss the cybersecurity enhancement our team brings to your organization.