Last week, President Joe Biden warned U.S. companies that Russian cyberattacks were imminent and urged private sector CEOs to invest in hardening their systems in preparation for an attack. This warning comes as global tensions continue to escalate surrounding Russia’s invasion of Ukraine, which saw the U.S. and many other countries around the world impose sanctions on Russia. Cyberattacks are simply “part of Russia’s playbook,” Biden reminded us, as U.S. News reported.
Anne Neuberger, Biden’s top cybersecurity aide, said that while there was no intelligence indicating a specific Russian cyberattack against U.S. targets would take place, there has been an increase in “preparatory activity” such as scanning websites and hunting for vulnerabilities, techniques commonly used by nation-state hackers, U.S. News reported.
The fact that Russian cyberattacks thus far have been less than what was initially feared has led many security practitioners to wonder if their concerns were premature. But with the warnings coming from the White House last week, it seems that we are on the precipice of seeing some significant cyber activity.
If you have yet to take steps to harden your systems, it’s now critical to act. While President Biden is suggesting it’s a “patriotic obligation” for businesses to invest as much as possible in technology to counter cyberattacks, SANS Institute cyber professionals recommend that business leaders not stop what they’re doing to start a major security initiative or rush to make significant changes. In fact, you may want to consider reducing workload so that your team has capacity if the “what if” happens.
When’s the Best Time to Plant a Tree? 20 Years Ago
The situation U.S. companies find themselves in today can feel like the one described in a popular Chinese proverb: “The best time to plant a tree was 20 years ago. The second best time is now.”
Sometimes all the foresight in the world can still leave some things foggy. We may wish we had planted our cyber defense tree (it’s a new species) 20 years ago, but since we did not, the best step forward is to focus on what you can do now, immediately, to shore up your defenses.
Since Russia’s invasion of Ukraine in late February, expert SANS instructors have been working to continuously put out valuable resources to offer cybersecurity guidance, all of which we’ve been collecting in our Ukraine-Russia Conflict – Cyber Resource Center.
In one of the webcasts you’ll find in the resource center, SANS Senior Instructor Jake Williams shared the below list of action items that all businesses can take now to improve their security posture. This is where your immediate focus should be.
Another paper that you’ll find in the resource center comes from SANS Instructors Mick Douglas and Jon Gorenflo, who share six defensive techniques to make your attackers cry. It has an accompanying webcast that you can watch on demand on our YouTube channel.
After the Fire
After you’ve completed the immediate action items necessary to lock down your environment, and once the immediate danger has lessened, then you can turn your attention back to tasks that are likely to set up your company for long-term success. This is when you should evaluate your environment to identify any gaps in technology, staff, training, and security awareness, for example.
This is also the time to put resources toward developing a cybersecurity plan to be better prepared for the next major disruption or the next time a nation-state attacker comes knocking on your virtual door – because there will always be a next disruption. You’ll need an innovative approach as attacks continue to grow in complexity and new tactics emerge. The next time you experience a major disruption, having a well-formulated defense plan in place will enable your security team to focus on coming up with innovative solutions.
Here are some useful links to help you learn more about how SANS can help you improve your long-term security posture: