Sunday, April 21, 2024

How To Avoid Being Caught In Global Based Cyberwarfare

 


Although the scope of this blog is to remain as apolitical as possible, sometimes that is not so easy to do, especially when you are talking about nation state threat actors, such as those of Russia, China, North Korea, Iran, etc.

I also have to be honest and say that this year so far has been amongst the worst that I have ever seen for geo-related conflicts.  For instance, there is the Ukrainian war, the Hamas war, and now even possibly a war with Israel and Iran.

Although these wars are being fought with traditional means, there is yet another angle to them:  The Cyber Warfare that is taking place.  Of course we can’t feel it or hear it, because it is all taking place in the digital world.

But believe it or not, there are victims of this as well, as we have seen in the Ukrainian war. For example, hackers from Russia have directly attacked Ukraine's Critical Infrastructure, causing havoc to all of its resources.

For an example of just how horrific this is, click on the link below:

https://www.darkreading.com/ics-ot-security/kyivstar-mobile-attack-ukraine-comms-blackout

So if you are unfortunately in the midst of experiencing this kind of crisis, there are key steps that you need to take to protect yourself and your business.  Here are some of them:

1)     Employee Safety:

First and foremost, remember always that your employees and other subcontractors that you may have hired are probably amongst the greatest assets that you have.  Thus, you need to take every precaution that is possible, at least from within the confines of your business.  If you have a remote workforce, then check up on your employees periodically to make sure that all is well.  By taking this kind of approach, you will truly show your employees that you care about them and their wellbeing.

2)     Backups:

Apart from your employees, your Datasets are your next big assets.  But as we know today, they are one of the prime targets for the Cyberattacker.  Therefore, as I have written about many times for clients and even here on my own blog (and even in my books), backups are totally essential.  You cannot do without them.  You need to maintain a regular backup schedule that fits your security requirements, and always keep in mind that you have to maintain multiple copies of your backups.  If you have an On Premises Infrastructure, then of course this will be much harder to do.  So, my advice to you in this regard is to use the Cloud, such as that of Microsoft Azure.  They have great tools already available for you to use.

3)     Cybersecurity Training:

This is probably the next most important item on the list.  Your employees have to maintain the strongest levels of Cyber Hygiene that are possible, and the only way you can do this is by training them.  So just as with your backups, you also need to maintain a regular schedule here as well.  My recommendation is at least once a quarter, and it should be given in person directly.  But don’t make your training sessions a “one size fits all” approach.  They need to be specific and tailored to the audience that you are teaching.  For example, if they are members of your finance and accounting departments, then you need to educate them more about the tactics of Social Engineering, and how to spot BEC Phishing Emails (this is an acronym that stands for “Business Email Compromise”, and it is a kind of attack where a sense of fear and urgency is directed at these departments in order to get them to wire a large sum of money to a phony, offshore account).

4)     Perimeter Security:

It is imperative that you get away from this kind of security model.  It assumes that you have one line of defense circling and protecting your business.  But no matter how fortified this is, once a Cyberattacker breaks through it, they have free rein over your IT and Network Infrastructure.  So to prevent this from happening, implement what is known as the “Zero Trust Framework”.  This is where you segment all of your digital assets into different zones, and each one has its own layer of defenses.  The thinking here is that if they can break through one zone, the chances of them breaking through all of the others become almost statistically insignificant because of all of the authentication mechanisms that are involved.

5)     Sharing:

In order to keep ahead of the game, you need access to intelligence.  The only way that you can get this is by forming partnerships with others in your industry to share that level of knowledge.  Also, there is a greater movement now in the Cyber industry for even more extensive partnerships to be created between the academic, public and private sectors.  I know for a fact that the FBI and Secret Service already do this, as they offer seminars to the public so that such knowledge can be shared.  Also, you can contribute to and get a wealth of information from such sources as the NIST, CISA, OWASP, etc.

My Thoughts On This:

Apart from taking these above-mentioned steps, don’t forget this one last thing:  Have your Incident Response, Disaster Recovery, and Business Continuity plans in place and ready to go if they are needed.  Also, make sure that you take the time to rehearse these as well, so all of the people that are involved with these plans will know exactly what to do.

Many businesses learned this the hard way during the COVID-19 pandemic by not having these kinds of plans in place.  But make sure you are not caught again “with your pants down” in these uncertain times.
