A cyberattack from a foreign government is always a possibility. But, with the conflict between Russia and Ukraine escalating, the odds of a Russian entity carrying out a cyberattack on U.S. government, law enforcement, or critical infrastructure organizations have increased.
Is a Cyberattack Possible?
“Russia’s unprovoked attack on Ukraine, which has been accompanied by cyber-attacks on Ukrainian government and critical infrastructure organizations, may have consequences for our own nation’s critical infrastructure, a potential we’ve been warning about for months,” the DHS’s “Shields Up” page stated.
According to a CBS News article, DHS Secretary Alejandro Mayorkas stated that the U.S. is on a “heightened alert by reason of the geopolitical landscape.” In addition, cybersecurity officials have briefed state and local government officials on the growing threat.
This kind of country-on-country attack is not new. In fact, the Associated Press has reported that 6 state governments were hacked by China last year for the purposes of cyber-espionage or financial gain.
Why Government Networks and Critical Infrastructure are Vulnerable
Not only would a breach of a government entity, critical infrastructure organization, or even financial institution cause serious downtime and disruption to its networks, it could quickly create real-world consequences. One only needs to look at the Colonial Pipeline hack to know how fast an IT problem can spiral into a gas shortage, or worse.
Additionally, as we’ve pointed out before, we’re in the age of globalization, interconnectedness, and third parties. This especially applies to government entities and critical infrastructure organizations that rely heavily on third parties for everything from operational technology to email services to IT software. Third-party access points are the weakest point of security for any organization, and if you multiply them, that risk also multiplies.
Take a look at SolarWinds, where, yes, a Russian hacking group was able to hack into the organization and send phishing emails to a multitude of government agencies, including the Department of Homeland Security. Before you say, “who falls for phishing emails anymore?” the answer is, well, almost everyone. Phishing attacks are actually on the rise compared to 2020. It’s a serious risk, and one that Russians have already exploited.
Cybersecurity Best Practices to Stay Safe
While there’s never a hundred percent guarantee that a hack will not happen, there are a variety of cybersecurity measures any organization can employ to enhance its defenses.
1. Secure Critical Access Points
Access is key. If a hacker can get into your system from an access point, they can probably move laterally, or deeper, and cause major damage. Cybersecurity is no longer about protecting the perimeter; it’s about making sure every single access point across the entire network is secure.
2. Control and Monitor Access
The best way to protect access is to control and monitor who can access what. Building a zero trust network — where all implicit trust is removed from both internal and external users — begins by employing fine-grained access controls. Be it multi-factor authentication, time-based controls, or other tools, protecting access is the best way to protect the critical assets within your network. Monitoring is where an organization can better understand if and how those controls are working. Whether it’s through reactive analysis or proactive monitoring, employing some kind of automated monitoring is crucial for security, especially for high-volume or mission-critical access points.
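To make the "control and monitor" idea concrete, here is an added example (not code from the original post or from any product it describes) of a small default-deny access gate: every request is checked against an explicit rule for role, multi-factor status, and an allowed time window, every decision is written to an audit log, and a detection pass over that log flags repeated denials against one access point. Rule names, resources, and user names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Hypothetical zero-trust style gate: no rule means no access (default deny),
# and every decision is logged so monitoring can check the controls are working.

@dataclass
class AccessRule:
    resource: str
    allowed_roles: Set[str]
    require_mfa: bool
    hours: Tuple[int, int]   # allowed UTC window [start, end) in whole hours

@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    mfa_passed: bool
    at: datetime             # timezone-aware UTC timestamp of the attempt

class AccessGate:
    def __init__(self, rules: Dict[str, AccessRule]):
        self.rules = rules
        self.audit_log: List[dict] = []

    def evaluate(self, req: AccessRequest) -> Tuple[bool, str]:
        rule = self.rules.get(req.resource)
        if rule is None:
            decision = (False, "no rule: default deny")
        elif req.role not in rule.allowed_roles:
            decision = (False, "role not permitted")
        elif rule.require_mfa and not req.mfa_passed:
            decision = (False, "mfa required")
        elif not (rule.hours[0] <= req.at.hour < rule.hours[1]):
            decision = (False, "outside allowed hours")
        else:
            decision = (True, "allowed")
        # Log allows and denials alike; denials are what the monitoring pass uses.
        self.audit_log.append({"user": req.user, "resource": req.resource,
                               "allowed": decision[0], "reason": decision[1],
                               "at": req.at.isoformat()})
        return decision

def flag_repeated_denials(audit_log: List[dict], threshold: int = 3) -> List[Tuple[str, str]]:
    """Return (user, resource) pairs denied at least `threshold` times."""
    counts: Dict[Tuple[str, str], int] = {}
    for entry in audit_log:
        if not entry["allowed"]:
            key = (entry["user"], entry["resource"])
            counts[key] = counts.get(key, 0) + 1
    return sorted(key for key, n in counts.items() if n >= threshold)
```

In practice the audit log would be shipped to a SIEM rather than kept in memory, and the denial threshold tuned per access point.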
3. Educate Your Staff
Good security starts with good education. As mentioned above, phishing is still a proven technique, so even taking the time to speak to staff about the dangers of phishing and the other social engineering methods hackers often use to gain access through a single user or a single user’s credentials is worthwhile. Building a robust access policy is not just about implementing methods and tools; it’s about making sure every user understands them, is following them, and is doing their part to prevent a data breach.