Should I Be Preparing for Cyberwar? What to Do Right Now

Preparing your business for a cyberwar

It’s been said that the wars of the future will be fought with only machines and cyberwarfare. Though the situation between Russia and Ukraine is showing that physical warfare still has a big presence, we cannot overlook the fact that cyberwarfare plays a big part in this conflict, and its impact will be felt by organizations around the world.

From phishing campaigns to malware variants, every organization in every industry is at risk of a cyber attack. That risk is heightened now as a result of the Russian/Ukrainian war. In fact, the Cybersecurity & Infrastructure Security Agency (CISA) recently issued a “Shields Up” alert to all U.S. organizations to be on high alert for cyber attacks. Here are some things your organization should be doing right now to fortify your security posture before it’s too late.

Logging and Monitoring

Logging and monitoring essentially grant a deeper layer of visibility into the performance of an organization’s network, data, and machines, among other things. This is a critical approach to bolstering an organization’s security posture because checking the logs allows an organization to recognize anomalies in network, data, and/or machine performance.

Consider this: Sophisticated hackers will not walk through the front door. They will find intricate backdoor entries, oftentimes through phishing attacks, and leave little indication they were ever there. But regularly checking the logs and questioning the anomalies that arise starts to shed light on the breadcrumbs they leave behind.

Quite frankly, without logging and monitoring, organizations cannot effectively narrow down anomalies to identify and stop a cyber attack.

An added benefit of checking the logs: Organizations gain a paper trail if something does happen, as well as a timeline to read back to see what happened and when.
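An added example, not part of the original article, of what "questioning the anomalies" and reading back a timeline can look like for login records. The log format, account names, addresses and baseline cutoff are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real logs): timestamp, user, source IP, result.
SAMPLE_LOG = """\
2022-03-01T08:58:12Z alice 10.0.4.17 success
2022-03-02T09:01:40Z alice 10.0.4.17 success
2022-03-02T09:05:03Z bob 10.0.4.22 success
2022-03-03T02:13:55Z alice 203.0.113.50 failure
2022-03-03T02:14:09Z alice 203.0.113.50 failure
2022-03-03T02:14:31Z alice 203.0.113.50 success
2022-03-03T09:00:02Z bob 10.0.4.22 success
"""

def parse(text):
    """Return (time, user, source, result) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the review
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, *parts[1:]))
    return sorted(events)

def find_anomalies(events, baseline_end):
    """Flag successful logins from a source the user never used before baseline_end."""
    known = defaultdict(set)      # user -> sources seen during the baseline
    failures = defaultdict(int)   # (user, source) -> failed attempts after baseline
    findings = []
    for when, user, source, result in events:
        if when < baseline_end:
            if result == "success":
                known[user].add(source)
        elif result == "failure":
            failures[(user, source)] += 1
        elif result == "success" and source not in known[user]:
            findings.append({"time": when, "user": user, "source": source,
                             "prior_failures": failures[(user, source)]})
    return findings

def timeline(events, user):
    """Ordered record of one account's activity, for reading back after an alert."""
    return [f"{w.isoformat()} {s} {r}" for w, u, s, r in events if u == user]

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for finding in find_anomalies(events, datetime(2022, 3, 3)):
        print("ANOMALY", finding)
        print("\n".join(timeline(events, finding["user"])))
```

In the sample, only the 02:14 login for alice is flagged: it succeeds from a source absent from her baseline and follows two failures from that same source, while bob's login from his usual address passes.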

Phishing Attacks Gain Momentum

As I previously alluded to, there is a way hackers can easily gain access to an organization’s most sensitive information, even if the organization has deployed every possible security measure: phishing. Regardless of the type (spear phishing, deceptive phishing, whaling, etc.), phishing is an extremely common — and often successful — cyber threat. To mitigate phishing threats, organizations need an effective and efficient employee education program that ensures employees are aware of these cyber risks and know the proper steps to take.

The risk of phishing threats also draws attention to an organization’s bring your own device (BYOD) and remote workforce policies. A cyber attack will take advantage of organizations that either didn’t create or enforce their policies, or became lax in monitoring and mitigating vulnerabilities.

Malware Variants Are Very Real

The word “variant” is one that likely sends chills down spines after the last two years. COVID variants would seemingly emerge overnight and wreak havoc on whatever improvement or progress we had made toward normal. Malware variants are essentially designed to do the same.

Consider, for example, the malware Russia unleashed in 2015 to take down the Ukrainian power grid. Two years later, Russia released NotPetya, which disrupted Ukrainian airports, railways, and banks. But it also spread around the world in a worm-like fashion, wreaking havoc on companies that were not prepared.

However, the challenges felt by companies like Merck as a result of falling victim to NotPetya were minor in comparison to what could have been. There is a school of thought that believes NotPetya was not intended to be more than a test of future cyberweapons. After all, most cyber threats are iterations of existing malware, repurposed for the threat actor’s specific intentions. Malware variants are not to be overlooked, especially when you consider their intention could be to cripple infrastructure.

Preventing Chaos

Cyberwar is not an industry-specific event. In most cases, various cyber attacks — whether it’s phishing, Distributed Denial of Service (DDoS), ransomware, or malware — are unleashed to create chaos.

Consider the chaos we’ve seen with the various ransomware attacks over the past two years. When used as a cyberwarfare tool, however, ransomware likely wouldn’t be used to ask for ransom. Instead, it would lock and delete computers with no way to recover any of the data. Its purpose is to truly create chaos and destruction.

To mitigate these risks, organizations need to take a proactive approach to cybersecurity, starting with a clear understanding of the framework used to deploy their network. Leveraging an acceptable framework, like NIST, helps establish strong cybersecurity controls to manage and reduce cybersecurity risk.

But a framework alone is not enough. Organizations should conduct regular cybersecurity audits and penetration tests (pen tests) to understand their threat surface. In fact, pairing a pen test with a vulnerability assessment provides organizations with a holistic approach to the threat surface. An added bonus: Vulnerability assessments often provide false positives; this may offer insight into areas that otherwise would not be considered or addressed as part of an organization’s broader security posture.

Preparing for Cyberwar

Where we are today with the Russian/Ukrainian conflict is just a starting point in what’s to come. As we’ve seen in the past, Russia is a threat actor proficient in crafting and carrying out attacks. And now they have a reason to create new variants and perform new attacks, possibly leveraging attacks we’ve never seen before.

Now is not the time to become lax about your security posture; every organization needs to be prepared for what’s to come. After all, cyberwarfare doesn’t single out a specific industry; cyber attacks are industry agnostic and are often designed and unleashed with the sole purpose of creating chaos.

To navigate the changing landscape of cybersecurity, organizations need to take a proactive approach. From conducting pen tests and vulnerability assessments to revisiting BYOD and remote work policies, organizations cannot afford to be reactive in today’s world.

A-LIGN offers a comprehensive review of your infrastructure and processes with our Ransomware Preparedness Assessment service. With a unique three-phased approach that includes both assessments and real-world simulations, A-LIGN will identify any gaps in your organization’s cybersecurity posture and help your team prepare for any future events.