US President Joe Biden on Monday urged business leaders to strengthen their online defenses, warning that his Russian counterpart Vladimir Putin could use cyberattacks as a way to deepen the crisis.
“The thing is, he has the ability,” Biden said at the quarterly Business Roundtable meeting in Washington. “He hasn’t used it yet, but it’s part of his playbook.”
In a March 18 advisory to American businesses obtained by CNN, the FBI warned that hackers linked to Russian internet addresses were scanning the networks of five American energy companies.
And experts have warned of “significant” vulnerabilities in US systems that Russian hackers can exploit, as evidenced by last year’s attacks that breached Florida’s water supply, hit one of the world’s largest meat producers and shut down one of America’s largest oil pipelines for several days. .
“The threat will likely continue long after this conflict is over,” David Murphy, chief cybersecurity officer at accounting firm Schneider Downs and a former National Security Agency analyst, told CNN Business. “I think it’s just going to increase over time.”
Here’s what businesses can do to better protect themselves.
Updates, patches and backups
It might seem like an obvious and simple fix, but experts say updating your system software is an important way to prevent many attacks. These software updates often include security patches to fix vulnerabilities that hackers can and do exploit.
“It’s like increasing the cost to the adversary…if I make it a little harder, they move on to the next victim,” said Karen Evans, chief executive of the Cyber Readiness Institute, which provides resources to companies to strengthen their cyber defense.
Multi-factor authentication, which supplements passwords with an additional login method such as a dial-up code from a separate device or fingerprint scanning, is also becoming a must-have for enterprises to secure endpoints. potential entry into their networks.
However, one such service, Okta, acknowledged late Tuesday that a cybersecurity incident in January may have affected hundreds of its customers. The new details came after a mysterious hacking group known as Lapsus$ posted screenshots claiming access to an internal Okta administrative account and the company’s Slack channel. The incident can only add to the nervousness in the business community.
Evans says it’s important for businesses to also have a contingency plan in case they are attacked, and one of the best ways to do this is to have backups of critical or sensitive data stored in outside the system.
“Can I restore operations from my data backups if I go down? Do I have another way of doing business?” she says. “It’s the business resiliency, the continuity plans that small businesses need to have, and in the midst of the crisis now is not the time to find out I have a gap.”
And in the current situation, where concerns about cyberattacks are centered on a particular country, Murphy suggests companies specifically target internet addresses originating from that country — in this case, Russia — in a move known as geo-blocking.
“It’s not going to protect you 100%, but it’s definitely at least knocking down some of the handy fruit,” he said.
Cyber insurance
As the risk of cyberattacks increases – especially ransomware attacks that can extract millions of dollars to restore systems – companies are increasingly opting for additional insurance plans that can help pay for damages and losses. due to cyberattacks.
According to providers and industry experts, demand for cyber insurance has increased in recent years, driving premiums for these plans up to 22% between 2019 and 2020. But for businesses that can afford it, it’s a good way to not only protect against damage but also to keep them more vigilant against threats in the first place.
“Cyber insurance is getting extremely expensive, but it’s also putting requirements on businesses to make sure they’re covered and also protecting themselves,” Murphy said, pointing out that insurance companies will often have a list of questions for businesses to ask. businesses must meet and protections they must have in place to even be eligible for a plan.
But companies should be wary of treating cyber insurance as the be-all and end-all of attack protection, Evans warns. Businesses need to assess their risk and make systemic changes whether or not they are protected after the fact.
“It’s not necessarily, ‘Oh, I bought cyber insurance and I’m done,'” she said.
To further complicate matters when it comes to Russian cyberattacks, insurance companies often have clauses providing exceptions for acts of war and nation-state attacks, in which case the policy does not apply.
Employee awareness
Although businesses need to protect themselves at the network and system level, precedent shows that attacks can originate from a single compromised device, account or email address.
Three of the four pillars of cyber protection that the Cyber Readiness Institute urges businesses to address – weak passwords, use of external USB drives, and phishing attacks (where hackers use deceptive links to get personal data) – tend to exploit individual users.
“When you look across the board, it’s a culture shift that needs to happen,” Evans said. “It doesn’t matter how big an organization is – it’s the leadership, it’s the CEO, it then trickles down to all the employees.”
Ultimately, many cyber vulnerabilities are due to human error and misjudgment, and that’s why companies need to educate their employees about cyberattacks and measures to mitigate them. The rise of remote work during the pandemic has further complicated this task, with the distributed workforce providing hackers with many more potential entry points into the network.
“Humans are in the equation, and that’s why it ends up having to be organizational change,” Evans said.
– CNN’s Sean Lyngaas contributed to this report.