News Insights: White House Warns Companies to Increase Cyber Defenses in Anticipation of Russian Cyberattacks

Today, the White House warned private companies to increase their cyber defenses, given evolving intelligence suggesting the Russian government may be exploring “options for potential cyberattacks” in response to the unprecedented economic sanctions imposed on it.


News Insights:

Marjorie Dickman, Chief Government Affairs and Public Policy Officer at BlackBerry:

“We commend the White House on its continued cybersecurity and Zero-Trust focus to increase U.S. protections and resilience against escalating malicious cyber activity, starting with the Cybersecurity Executive Order (EO) last May. While the EO was a ‘game-changer,’ it was only the first of many steps that the Administration and Congress would need to take to address the cybersecurity landscape, including additional federal funding to modernize cybersecurity defenses, a Software Bill of Materials (SBOM) for federal procurement, and legislation like cyber incident reporting.

Specifically, the Administration’s emphasis on a prevention-first, public-private, and G7 collaborative approach to cybersecurity bad actors is noteworthy. Critical to this, as noted in the White House announcement, is deploying modern automated security tools like artificial intelligence and machine learning to prevent and mitigate threats; emphasizing the criticality of a Software Bill of Materials (SBOM) to track and fix malicious components; and reiterating that all U.S. government procurement must meet the Cyber EO’s security directives.”


Mark Manglicmot, VP of Security Services, Arctic Wolf:

“Companies need to act urgently to ensure they harden themselves in preparation for nation-state-sponsored cyber-attacks. They must urgently look to patch any devices with known vulnerabilities and communicate to their employees the critical need to be on heightened alert for malicious links and attachments in suspicious emails.

The likelihood of a cyber-attack on key industries has sharply risen over the past few weeks. These industries include critical national infrastructure (both public and privately owned), hospitals, and financial centers. These industries must maximize their information-sharing partnerships to keep each other abreast of attack intelligence in real time.

Finally, 24×7 monitoring to detect the earliest attack indicator must be in place and ready to respond both technically and as a business. The sensitivity of this monitoring must be at its most sensitive level. If companies feel they aren’t ready for a cyber-attack, the three most important things to do are patch known vulnerabilities, rapidly establish 24×7 security operations monitoring, and alert employees to be on the lookout for malicious emails (aka phishing). Being a resilient business and thus continuing to operate through a cyber-attack is the ultimate goal.”


James McQuiggan, security awareness advocate at KnowBe4:

“When the pandemic hit in 2020, organizations and their InfoSec & IT departments scrambled to get people to work from home to reduce the risk of infection caused by the Coronavirus. Budgets were approved, products installed, and users were working from home within days to weeks versus the expected months to years.

With the recent cyber-attacks between Russia and Ukraine and the current intelligence coming from the US Government, organizations want to shore up their defenses to reduce the risk of a successful attack by any nation-state. Considering the target is the US-defined critical infrastructure, organizations must implement the various safety requirements to protect their data and systems.

However, the mitigating threat tactics put forth by CISA’s “Shields Up” will require boards to approve and fast-track spending for products and services not already implemented.

Some of the items with the quickest return on investment and implementation time would be reviewing incident plans and recovery strategies in the event of an attack. Review and mitigate risks to external-facing systems and verify they are fully patched and current on all security updates.

The most impactful will be to ensure employees receive education, are aware of the latest attack methods, and are vigilant on all unexpected emails that require any urgency for action.”


Erich Kron, security awareness advocate at KnowBe4:

“Tools like Slack offer a quick way for people to connect and collaborate; however, there can be technical and non-technical concerns with these platforms. Because many people may already be using platforms like Slack for other personal interactions, they may be tempted to use their personal accounts to communicate with coworkers about business matters, a problem that could become a headache pretty quickly in the event of legal action. For organizations planning on using these collaboration tools, it would be wise to look into the business-focused versions of the platforms, which typically provide more security and control than the free personal versions used by many. The ability to control who is allowed to be included in these discussions, and potentially being able to control attachments and other features that could put organizational data at risk, could certainly be worth the additional cost over free versions.

Employees should be told what is and is not acceptable when using these platforms, and that needs to be backed up by a well-written policy that explains the acceptable use of the tool and the limitations. Because many people may already use these platforms in a personal setting and are comfortable with them, making sure expectations are managed, especially with respect to professional communication standards, is critical.

Through these platforms, organizational data may end up on personal mobile devices as well, so the security of the devices should also be stressed to employees and their responsibilities with respect to protecting this data clearly defined.

Given the popularity of these platforms in personal and work environments, policies and training around these cannot be ignored, and organizations that attempt to ban their use might find that employees go outside what could better be controlled and monitored through a business account. Decisions on dealing with this new form of communication must be carefully considered with input from legal counsel.”


Rajiv Pimplaskar, CEO, Dispersive Holdings, Inc.:

“Nation-state toolkits are especially dangerous as they are highly effective against industry-standard IPsec VPN as well as TLS encryption. Russia and other nation-state actors have a vast amount of compute resources as well as well-coordinated teams to play a long game against targeted Western governments, enterprises and MNCs. Also, the fact that motivation in such situations is not just economic but also strategic means that sensitive data that is detected can be used to reverse engineer source and destination relationships as well as identify flows of interest. Furthermore, nation-state toolkits can use public cloud as a gateway to get underneath the encryption layer and capture the data flow itself for future analysis. Traditional zero trust approaches stop at the network and are largely ineffective against nation-state actors. Critical infrastructure companies should bolster their cyber defense posture with advanced communications security that can obfuscate resources, as well as leverage data multipathing to present a harder target for such threat actors.”

Garret Grajek, CEO, YouAttest:

“Timely message – not only has Russia warned of attacks on western infrastructure – there has been evidence of the change of hacks from purely financial (e.g., ransomware in the case of Colonial Pipeline) to more malicious instructions and efforts to disrupt western critical infrastructure. The alert is warranted and should extend to all internet-facing systems that were identified in all 16 categories of infrastructure identified by the US CISA (Cybersecurity & Infrastructure Security Agency) in PPD-21 (Presidential Policy Directive 21). The key to securing these systems is to be aware of all the assets, especially identity, and then changes in roles and permissions – since control of admin accounts is crucial to the lateral movement, persistence and data exfiltration that the hackers desire to implement.”