DHS Warns of Russia Cyber Threats: 7 Tips to Protect Your Organization Against a Cyberattack

Over the past few years, tensions have been rising between Russia and the United States, not in conventional military terms but in cyberspace. Amid fears of a Russian invasion of Ukraine, concerns are spiking about how such a conflict would play out in cyberspace. The Department of Homeland Security issued a warning that Russia could launch a cyberattack against US targets on American soil if it believes Washington’s response to its potential invasion of Ukraine threatens its long-term national security.

The DHS alert came in the wake of a string of destructive cyberattacks against Ukrainian government websites which bore similarities to previous Russian government-backed operations. Russian military intelligence assets have launched devastating cyberattacks against Ukraine’s power grid for years, succeeding in shutting down elements of it and knocking out power to millions of people.

Russian Cyberattacks Against the US

Russian cyberattacks against the US could range from relatively harmless strikes that aim to overwhelm websites to far more serious ones that aim to undermine economic stability by targeting US organizations and critical infrastructure such as airports and energy facilities.

Russia has a history of sponsoring cyberattacks against the US. For example, in 2021 alone, Russian criminals carried out several high-profile cyberattacks, including the JBS attack, which forced the meat supplier to pay $11 million in ransom, and the Colonial Pipeline ransomware attack, which caused fuel shortages on the East Coast.

In fact, the SolarWinds attack in December 2020, which was the worst-ever cyber-espionage attack on the US government, was carried out by Russian state-sponsored criminals. These criminals had access to key systems in more than 30,000 public and private organizations, including 10 federal agencies like DHS and the Pentagon, for over 90 days.

Why Would Russia Target the US Before Possibly Invading Ukraine?

Cyber capabilities are a means for states to compete for political, economic, and military advantage without the violence and irreversible damage likely to escalate to open conflict. However, these virtual battles have a real-world impact on our countries’ infrastructure, financial, and communications systems. The best way to cripple an opposing force’s capability is to cause widespread chaos across as many systems as possible via a cyberattack.

Unlike previous Russian-sponsored cyberattacks, which were conducted to make money or steal data, a Russian state-supported attack in response to the Ukraine situation would be done for a completely different purpose: to disrupt and cripple businesses and government agencies in the US. These cyberattacks would distract the country from helping Ukraine in the short run and, in the long run, dissuade the US from taking any steps to actively support Ukraine under the threat of additional attacks. Russia thinks that enough disruption would create a public backlash against supporting Ukraine.

Could Cyberattacks on the US Backfire?

If Russia were to launch a blatant cyberattack against US targets, Washington would likely retaliate with defensive or even offensive cyberweapons of its own. While it’s likely that Russia will continue to sponsor cyberattacks against the US in the future, an all-out attack in response to the Ukraine situation is unlikely.

The Russian government is likely to think twice before unleashing highly disruptive attacks against the US because the US government could interpret such attacks, particularly those targeting critical infrastructure, as acts of war, justifying counterattacks in the eyes of the world.

What Can US Organizations Do to Protect Themselves?

1.   Regular Patching

This is a very basic step but something many organizations struggle to implement. Outdated programs are often overlooked in vulnerability scans, meaning they could be easier for hackers to break into.

Make sure you’re always using up-to-date versions of everything on your network. This includes things like security cameras, firewalls, routers, operating systems, firmware, smart devices, and more. Keeping all of these tools up to date ensures that when vulnerabilities are discovered, fixes can be rolled out quickly before attackers can exploit them.

2.   Perform Vulnerability Testing 

Vulnerability testing is an ongoing, constant process. To ensure you have complete, in-depth coverage of your business’s entire network, you should perform regular vulnerability tests. These are similar to penetration tests in that they check for holes in your system — but they’re much simpler because they usually focus on one or two specific areas of interest instead of trying to scan everything at once.

They also run much faster than full penetration exercises, so it’s possible to run several scans concurrently. This ensures you don’t miss any potentially dangerous spots over time. Simply running automated scans isn’t enough, though – performing real-time security monitoring with sophisticated software will help you prevent attacks from gaining a foothold and allow your business to stay safe.

3.   Control Access to Your Systems

Access controls are the first line of defense against attackers and a good place to start reducing your attack surface. Without controls on what a user can access, the user has access to every part of a network – even off-limits parts. Authorized users should have access only to those systems they need. This helps reduce potential exposure if one system is compromised by malware or infected with ransomware.

Properly implemented multi-factor authentication (MFA) can significantly strengthen an organization’s security posture by requiring more than just a password for access. An identity and access management system that logs the identities of each user, tracks their employment status, and uses MFA to verify access attempts can solve many of the issues organizations face regarding unknown user identities and access permissions, and can dramatically reduce the chances of a cyberattack.

4.   Back Up Your Critical Data

If you have exceptional offline backups and can protect them from becoming encrypted when ransomware hits your organization, you can quickly recover your data and bounce back to business in no time. You don’t have to pay when the hacker demands a ransom, and that’s half the battle won right there!

However, you need to ensure your backups are redundant by keeping both online and offline copies. Use the 3-2-1 Rule, which stipulates that the organization should always have 3 copies of its data, store those copies on two different media types, and keep one backup copy offsite. You should also ensure that your critical data is backed up frequently – if you suffer a cyberattack and your last backup is six months old, your business will have a hard time recovering. Be sure to test your backups periodically to confirm that data is being retained properly and that the people responsible can actually carry out a recovery after a data loss.
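The 3-2-1 rule, the offline-copy requirement, and the freshness and restore-test checks described above can be evaluated mechanically against a backup inventory. The following is an added example, not part of the original article; the `Backup` record, the sample inventory, and the 7-day and 90-day thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Backup:                      # hypothetical inventory record
    name: str
    media: str                     # "disk", "tape", "cloud-object", ...
    offsite: bool                  # stored away from the primary site
    offline: bool                  # unreachable from the production network
    last_backup: date
    last_restore_test: Optional[date] = None


def audit_321(primary_media: str, backups: List[Backup], today: date,
              max_backup_age_days: int = 7,      # assumed threshold
              max_test_age_days: int = 90) -> List[str]:
    """Return findings; an empty list means the inventory passes."""
    findings = []
    copies = 1 + len(backups)                    # production data is copy one
    if copies < 3:
        findings.append(f"only {copies} copies of the data, need 3")
    if len({primary_media} | {b.media for b in backups}) < 2:
        findings.append("all copies are on one media type, need 2")
    if not any(b.offsite for b in backups):
        findings.append("no offsite copy")
    if not any(b.offline for b in backups):
        findings.append("no offline copy: ransomware could encrypt every backup")
    for b in backups:
        age = (today - b.last_backup).days
        if age > max_backup_age_days:
            findings.append(f"{b.name}: last backup is {age} days old "
                            f"(limit {max_backup_age_days})")
        t = b.last_restore_test
        if t is None or (today - t).days > max_test_age_days:
            findings.append(f"{b.name}: no restore test in the last "
                            f"{max_test_age_days} days")
    return findings


# Constructed inventory for illustration only.
TODAY = date(2022, 2, 1)
INVENTORY = [
    Backup("replica-nas", "disk", False, False, date(2022, 1, 31), date(2022, 1, 10)),
    Backup("cloud-sync", "cloud-object", True, False, date(2021, 8, 1), None),
]

if __name__ == "__main__":
    for finding in audit_321("disk", INVENTORY, TODAY):
        print("FAIL:", finding)
```

This inventory satisfies the copy count, media and offsite conditions yet still fails, because no copy is offline and the offsite copy is stale and has never been restore-tested.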

5.   Implement Advanced Endpoint Detection and Response (EDR) Solutions 

Advanced EDR solutions use proactive techniques, such as machine learning and behavioral analysis, to identify potentially new or complex threats. EDR solutions can quickly identify an attack and its scope across your network, then isolate and quarantine infected systems to stop the attack. These advanced techniques make it much more difficult for an attacker to establish a solid footing on your network.

Deploy EDR widely across endpoints on your network, especially on privileged user systems and infrastructure servers. Whichever advanced EDR solution you choose, strongly consider deployment of this capability across all endpoints such as end-user systems, servers, and IoT. Work with your chosen vendor to verify that your EDR solution is configured to utilize its capabilities fully.

Consider implementing an advanced security monitoring team that can respond to EDR alerts to investigate suspicious traffic and carry out proactive threat hunting for faster detection and remediation of threats. This team will help protect your organization’s assets like data, business systems, operational technology, and brand.

6.   Cybersecurity Awareness Training

Many security breaches stem from human error. According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved a human element, while 61% involved credentials. Threats to your business can come in several forms, such as phishing emails and social engineering. That’s why it’s important to provide regular cybersecurity awareness training for your employees.

These programs are designed to help users and employees understand the role they play in helping to combat information security breaches. Effective cybersecurity awareness training helps employees understand proper cyber hygiene, the security risks associated with their actions, and how to identify cyberattacks they may encounter. The training needs to be frequent and reflect the emerging security threats your organization faces. Some topics to cover in your training include phishing awareness, password security, email security, cyber incident handling and reporting, web security, and compliance.

You also need to ensure that the cybersecurity training includes the executive team. Cybercriminals target executives since they are privileged users with access to sensitive data and have the authority to make financial decisions. Extending security awareness training to corporate executives helps build a cybersecurity culture and increase cyber resilience. Because the company’s leaders set the tone for the entire organization, training top executives may not only help them gain a better understanding of cybersecurity but also help to seed a “security-first” mindset throughout the organization. This helps ensure that every employee executes their day-to-day activities in ways that keep the organization as secure as possible.

7.   Develop an Incident Response Plan

Regardless of the maturity of your organization in terms of its security strategy and program, you can never 100% prevent a cyberattack. The worst time to prepare for a breach is after one has occurred. Having a robust incident response plan in place gives your organization the ability to manage the crisis, contain the threat, and recover and resume normal operations. The incident response (IR) plan clearly outlines the procedures to be followed, and by whom, when a breach or security crisis occurs in an organization.

A robust response plan should empower teams to leap into action and mitigate the damage as quickly as possible. Your incident response plan must be rehearsed regularly for various possible scenarios with all stakeholders (internal and external) across different roles. When an emergency occurs, you don’t want to waste time figuring out incident response processes and procedures while precious minutes are ticking away.

Secure Your Organization with Palindrome Consulting Today!

At Palindrome Consulting, we understand that safeguarding against cyberattacks involves understanding your business’s primary risks and addressing them through layered defenses encompassing people, processes, and technology. Our comprehensive end-to-end cybersecurity services include proprietary security assessment, penetration testing, security plan development, data breach and incident response, security awareness training, and managed security services. Contact us today to schedule an appointment with our cybersecurity experts and let us secure your business.

Thanks to our colleagues at Velocity IT in Dallas for their help with this article.
