With the Russian invasion of Ukraine haunting our minds, hearts and pocketbooks, what cannot and should not be overlooked is its impact on cybersecurity. History tells us that in the past few years alone, the Russian government has scaled multiple cyberattacks against other countries for various reasons – to target a political candidate, to disrupt democracies, to wreak general havoc – all in the name of demonstrating power and control.
It’s no secret that the Russian government has established relationships with a host of criminal elements who are more than happy (not to mention well-compensated) to do Russian President Vladimir Putin’s bidding in creating commercial, industrial, financial and governmental chaos. And with the United States and its allies now imposing stringent sanctions aimed at hitting Russia’s economy, retaliation in the form of cyberattacks against the West are likely not a matter of if, but when.
The threat level for the banking industry – and most industries, for that matter – is looking to rise over the short term, leading to potential long-term problems. Therefore, it is more important now than ever for businesses to take the time to assess their current cybersecurity protocols, add security measures if needed and in general up the ante against cyber breaches.
First and foremost, take monitoring to 24/7/365 heights. Now is not the time to practice “poor cyber hygiene,” according to Bruce McCully, chief security officer with Galactic Advisors.
“I see many organizations with IT departments focused on standing up lots of expensive solutions to protect against hackers. They end up misunderstanding their risks and dumping money down the cybersecurity toilet,” said McCully. “If you don’t have someone evaluating security holes, who will?”
What Steps to Take
Multifactor authentication provides an extra layer of protection and a good defense against attacks. This security process verifies identity in two ways before allowing access to an account or website. Twice the protection of single-factor authentication, where the user typically provides a password or passcode solely, multifactor authentication asks for a second identifying factor, such as a fingerprint, facial scan or a security token. Other identifying methods can also be used, such as a location factor.
Patches – security updates that address identified vulnerabilities – are a priority for cyber protection. Patches are fundamental in covering holes in security and should be performed regularly. The same goes for making sure that web application firewalls and network appliances are up to date.
And do not put off updating software – better yet, leverage automatic updates on operating systems for all applications, and in particular web browsers.
Nex, back up all data regularly…ditto for data stored in the cloud.
You should also mandate safe password practices in your workplace. Passwords are the weak link of cybersecurity with a majority of data breaches occurring due to lost, stolen or inadequate passwords. A mix of upper- and lower-case letters, numbers and symbols is best, and it cannot be overstated that passwords should be changed every 60 to 90 days.
While doing all the above, it’s important to observe unusual behavior with vigilance. Abnormal access times, numerous login failures, unusual file downloads or an increase in authentication failures are all signs of a potential cyber breach. And always think before you click. If an email is incomplete and/or has misspelled words, has a call for immediate action, is addressed to a username, has a misleading domain name, a mismatched URL or appears to come from a government agency – take that “this seems wrong” gut feeling to heart and delete.
Additionally, look to have a penetration test done of your network. These tests can find personal identifiable information (PII) on your systems, as well as stolen passwords and irregularities that serve as open doors to the experienced cybercriminal.
The past tells us that Russia has the means and the desire to disrupt U.S. businesses. Western sanctions in response to the hostile battle Russia is now waging against Ukraine are certain to evoke retaliation measures. Businesses should waste no time in taking actions to protect against their exposure to cyber threats.
Konrad Martin is CEO of Tech Advisors.