Bolster Cyberresilience Against Ukraine Conflict Crossfire
In the June 2017 NotPetya attack, a Russian cyberattack aimed at Ukraine, French company Saint-Gobain was forced to halt operations and reported more than €80 million in lost revenue. U.S. pharmaceutical company Merck & Co. put its losses from the same outbreak at $1.4 billion. NotPetya posed as ransomware but was in effect a wiper: there was no practical way to recover the encrypted data by paying. Just as the impact of that attack reached far beyond its initial target, the cyberattacks launched by both sides of the Russia-Ukraine conflict will leave more companies caught in the crossfire. Russia's invasion of Ukraine drew an army of hackers into the conflict, and the threat is one that organizations can no longer afford to ignore. The ranks of Ukraine's volunteer 'IT army' swelled to more than 400,000 members within days of the invasion and launched a wave of disruptive attacks on Moscow. That effort does nothing to reduce the threat of Russian attacks elsewhere. Hacktivism on both sides has produced a marked rise in attacks worldwide, including DDoS, new data wipers, phishing campaigns and malware. Organizations around the globe should therefore act now to protect their assets, and cyberresilience, the ability to limit collateral damage from these campaigns, needs to be at the forefront of every business's security strategy.
These threats are particularly concerning for critical infrastructure, where IT and OT/ICS are tightly interconnected and a chain of compromises through the supply chain could have devastating physical consequences. Where nation-state operators may show focus and restraint, an ad hoc army of freelance hackers is far less predictable, creating new risks for both people and businesses.
A New Approach to Network Security
Recognizing the weak points in your organization's security posture is a key step in planning for the future. Criminals so often gain access to, and command over, a network because of weaknesses inherent in the traditional approach to network security. In the physical workplace, for example, the organization issues the keys that let employees into the building; no employee cuts a key for themselves. The power lies with the business rather than the individual.
Yet in the digital landscape, employees have free rein to create their own 'keys', their passwords, which hands them control over access to digital systems and can have devastating consequences. Employees can share, lose and reuse passwords without the organization ever knowing it happened. In fact, most of the time cybercriminals log in rather than hack in, using phishing, social engineering, credential stuffing and password spraying to reach digital systems. Phishing was cited in 83% of the attacks reported by affected businesses in 2021. Trusting employees to change their passwords regularly is not a reliable long-term defense against any of these tactics.
The Slippery Slope of Losing Control
Organizations also make it easy for criminals to maximize the impact of a breach by centralizing access behind a single entry point. Once past that point, an attacker can move laterally across the whole network with little resistance: sitting quietly and spying, installing data wipers, locking files, halting operations or launching ransomware.
Prioritizing perimeter security by investing in detection, response, patching and crisis management might look like a sound fix. On its own, however, it cannot be sufficient. Just as you cannot identify the next COVID-19 variant before it begins to circulate, you cannot patch a vulnerability before anyone knows it exists, so a defense that relies on spotting and fixing flaws will always be a step behind a zero-day exploit.
Bolster Cyberresilience and Protect Access To Your Network
It's time for organizations to regain command and control of their networks and build cyberresilience with a bottom-up approach to network security. Businesses can start by applying the rules of physical access security: lock every door and keep ownership of the keys.
First, don't let employees make and share their own passwords; generate strong, random passwords centrally and issue them to employees. Second, don't aggregate all systems behind a single access point with one key; segment system and network access, with a distinct credential per segment, so that a stolen password opens only that segment and a breach is contained there rather than spreading through the entire estate. Finally, keep passwords encrypted end-to-end through creation, distribution and storage, and deliver them to the login by a client that fills them in rather than displaying them, so that employees never hold the plaintext and cannot see, share or be phished out of it. This is a zero-trust posture applied to credentials: the keys belong to the company, every segment authenticates the user independently, and a user can unlock only their own credentials after passing multiple authentication checks. A criminal who cannot obtain a key cannot open the door it protects, and a key that is stolen, for instance through a supply-chain compromise, opens one segment and one account rather than the whole network. One caveat: an issued password, however strong, is still a shared secret, so the login itself should require a second factor in addition to it. This access segmentation makes digital infrastructure considerably more resilient.
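To make the first two steps concrete, here is an added example (not code from the original article) that models centrally issued, per-segment credentials against a user-chosen password reused everywhere, and then replays one stolen password against every segment the way a credential-stuffing attack would. The segment names ("hr", "finance", "ops"), the user "alice" and the weak reused password are constructed for the example; each segment keeps its own salted scrypt verifier and authenticates independently, and the encryption-at-rest of the vault's plaintext copies is deliberately not modelled. Only the Python standard library is used.

```python
"""Added example: one credential per segment versus one reused password.

Hypothetical names ("hr", "finance", "ops", "alice") and the weak reused
password are constructed for illustration; nothing here is from the page.
"""
import hashlib
import hmac
import secrets
import string
from typing import Dict, List, Tuple

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 24) -> str:
    """Issue a random password from the OS CSPRNG instead of user choice.

    Re-draws until every character class is present so a downstream
    complexity policy can never reject an issued credential.
    """
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


class Segment:
    """One isolated system with its own verifier store and its own login.

    Only a salted scrypt digest is kept here; the plaintext stays in the
    issuing vault (whose encryption at rest is not modelled in this toy).
    """

    def __init__(self, name: str) -> None:
        self.name = name
        self._verifiers: Dict[str, Tuple[bytes, bytes]] = {}

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        # Interactive-login scrypt parameters (16 MiB of memory per guess).
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._verifiers[user] = (salt, self._digest(password, salt))

    def login(self, user: str, password: str) -> bool:
        if user not in self._verifiers:
            # Hash anyway so an unknown user costs as much as a known one.
            self._digest(password, b"\x00" * 16)
            return False
        salt, expected = self._verifiers[user]
        return hmac.compare_digest(self._digest(password, salt), expected)


class Vault:
    """Issuing authority: one distinct random credential per (user, segment)."""

    def __init__(self) -> None:
        self._issued: Dict[Tuple[str, str], str] = {}

    def issue(self, user: str, segment: Segment) -> str:
        pw = generate_password()
        self._issued[(user, segment.name)] = pw
        segment.enroll(user, pw)
        return pw  # returned once here so the demo can "steal" it


def credential_stuffing(user: str, stolen: str, segments: List[Segment]) -> List[str]:
    """Replay one stolen password against every segment; return those it opens."""
    return [s.name for s in segments if s.login(user, stolen)]


def compare_models() -> Dict[str, List[str]]:
    """Return which segments a single stolen credential opens under each model."""
    names = ["hr", "finance", "ops"]  # hypothetical segments

    # Model A: the employee picks one password and reuses it everywhere.
    reused = [Segment(n) for n in names]
    for seg in reused:
        seg.enroll("alice", "Summer2021!")  # constructed weak, reused choice

    # Model B: the vault issues a different random credential per segment.
    issued = [Segment(n) for n in names]
    vault = Vault()
    issued_pws = [vault.issue("alice", seg) for seg in issued]

    return {
        "reused": credential_stuffing("alice", "Summer2021!", reused),
        "issued": credential_stuffing("alice", issued_pws[0], issued),
    }


if __name__ == "__main__":
    print(compare_models())  # reused opens all three; issued opens only "hr"
```

Under the reused model the one stolen password opens all three segments; under the issued model it opens only the segment it was issued for, which is the containment the article is arguing for. The scrypt work factor and the constant-time comparison are ordinary verifier hygiene, not part of the segmentation argument, but a real segment login should have both.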
As the risk of getting caught in the current cyberwarfare crossfire increases, it’s urgent for organizations to take responsibility for their network security before it’s too late.