War in Ukraine could mean increased cyber risk for U.S. businesses

Listen to this article

The U.S. government’s cybersecurity experts are warning owners of businesses, large and small, to step up precautionary measures as Russia’s invasion of Ukraine continues.

With punitive sanctions by Western countries meant to cripple Russia’s economy, businesses and institutions across the globe face increased cyber threats.

“We are not aware of any specific threat right now,” John Durkin, Region II director for the government’s Cybersecurity and Infrastructure Security Agency (CISA), said during a Greater Rochester Chamber of Commerce member webinar Wednesday morning. “That being said, you don’t fix your roof in the rain.”

Durkin warned that it’s common practice for foreign governments to use “state-sponsored malicious actors” to target critical infrastructure sectors such as power and energy, water, health care, financial and transportation.

“But we need everybody to step up their defenses,” Durkin said. “Small- and medium-size businesses are the backbone of our economy. As the impact of the sanctions (become greater), we do expect some type of malicious activity.”

Thus, Durkin encouraged businesses to:

» “Spend the money to protect your network. Now is not the time to save;”

» Lower reporting thresholds;

» Report anything out of the ordinary, “regardless of how innocuous it may seem,” to CISA or the local FBI office. There is a “Report cyber issue” tab on the CISA homepage.

Russia hit Ukraine’s defense ministry, its army and two largest banks with distributed denial-of-service (DDoS) cyber attacks last month, CISA officials said. Russia has the capability of using malware that poses as ransomware, “making you think you can pay to have it removed, yet it is actually wiping out your network information,” Rich Richard, chief of cybersecurity for CISA Region II.

Within the Global Cybersecurity Institute at Rochester Institute of Technology is a tracking map showing all potential cyber attacks in real time. Justin Pelletier, director of the GCI cyber range and training center, said while a spike in activity was expected, they haven’t seen it yet.

“Certainly there’s a lot of potential,” Pelletier said.

He said that while the threat exists for an isolated incident, the Russians more likely will bombard the U.S. with “disinformation campaigns. They want us to be all riled up and not united in a response.”

Even if your firm underwent recent network upgrades, Richard said continual security checks are always a good thing.

CISA services are free and include:

» Vulnerability scanning. “We can find the hole on your box and help you close the hole,” Richard said.

» Phishing exercises meant to educate employees not to click links. “They are your first defense, they are the ones that will probably click on something first,” Richard said.

» Incident response plan exercises. “The worst thing is, on that bad day, turning to your response plan and finding out that it’s not adequate. If your response plan is up to date, you can very quickly minimize the impact of that infection.”

Russia isn’t the only bad actor, however. Richard said North Korea, the People’s Republic of China and several former Soviet Republic counties are active.

“North Korea’s economy is supported by cyber attacks,” he said.

The CISA website provides a vast array of resources, from infrastructure vulnerability assessments to how to choose a managed service provider.

“We are not here to big-brother you,” Richard said, “we’re here to help you.”

[email protected]/(585) 653-4020