Cyberattacks have become a part of modern warfare. Attacks on government agencies and businesses have increased because of the Russian invasion of Ukraine, and the risk of a torrent of cyberattacks against non-primary targets is becoming more widespread.
Business cybersecurity is at risk, and the potential targets include hardened infrastructure, such as government, utilities, and financial services. After Russia invaded Ukraine, its hackers launched waves of cyberattacks. Ukrainian business websites were taken offline, and data-wiping malware was unleashed on government systems.
President Biden said that if Russia pursues cyberattacks against U.S. businesses and critical infrastructure, the United States will respond. Experts say that the U.S. has probably prepared for a cyberattack from Russia.
Russia has a long history of using cyberattacks against perceived enemies, including the U.S. The SolarWinds hack was one example of a Russia-linked cyberattack on the United States. Russian cybercriminals were also behind last year's ransomware attacks against JBS, the nation's largest meat producer, and the shutdown of Colonial Pipeline, the nation's largest fuel distributor.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that Russian state-sponsored advanced persistent threat (APT) actors have used effective tactics to gain initial access to target networks. These include brute force, spear phishing, and exploiting known vulnerabilities against networks and accounts with weak security.
U.S. government officials have been working with the private sector to harden its cyber defenses and sharpen its ability to respond to Russian cyberattacks. Businesses need to implement the best cybersecurity measures to protect themselves against cyberattacks. The following seven tips are some of the simplest practical measures businesses can take to protect their networks:
- Patch business-critical software.
Patch all software against all vulnerabilities, even the old ones. Do not take shortcuts: an organization that only patches against known attacks may still get caught by an unknown vulnerability. Patch all systems, networks, websites, mobile applications, and everything else connected to the internet.
- Upgrade WordPress websites.
Most businesses operate their websites in the “set it and forget it” way. However, websites running on WordPress 3.9 or earlier are at risk of potential vulnerabilities, such as SQL injection, cross-site scripting, information disclosure, and forgotten passwords. It only takes a few minutes for attackers to run an automated tool that can detect these vulnerabilities and exploit them. Therefore, make sure to use an updated version of WordPress to avoid these vulnerabilities.
- Backup data and systems.
Back up all files and systems so that, if there’s a cyberattack, the company can restore them. Make sure to store backups on a separate device that can't be accessed from the network. SMBs need to test their backups regularly. Isolate backups on the network from the operational systems. It’s possible to do this through a sophisticated network design or manually, by unplugging the backup device after a successful backup.
- Deploy multi-factor authentication.
A study by Microsoft estimated that companies can prevent almost 99% of all cyberattacks by enabling multi-factor authentication (MFA). Use MFA for all websites, accounts, systems, and network logins, especially email. MFA uses the user's mobile phone or another device as a second authentication method to confirm identity. There are multiple ways to enable MFA. Typically, an application is loaded on a mobile device and generates a series of random codes during the login process. The user is asked to enter the code along with the password.
- Leverage pattern blocking.
There are patterns to how computer users perform their tasks, and AI can now detect departures from this pattern. Deviations could suggest an attack or the usage of the same ID by several computer users. For example, suppose a user who has never accessed websites in China suddenly tries to do so. In that case, it may not be a person, but rather an attack initiated by the computer user clicking on an infected email or webpage.
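The two deviations described above, sketched as an added example that is not from the original article: a simple per-user baseline (a rule-based stand-in for the AI detection the article mentions) that flags a first connection to a new country and the same ID active on two workstations within minutes. The log format, user names and hosts are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log: timestamp, user ID, workstation, destination country.
SAMPLE_LOG = """\
2022-03-01T09:00:00 alice ws-01 US
2022-03-01T09:05:00 bob ws-02 US
2022-03-02T10:00:00 alice ws-01 DE
2022-03-03T09:30:00 bob ws-02 CA
2022-03-08T09:00:00 alice ws-01 US
2022-03-08T09:02:00 alice ws-01 CN
2022-03-08T11:00:00 bob ws-02 US
2022-03-08T11:03:00 bob ws-07 US
"""
BASELINE_END = datetime(2022, 3, 7)   # events before this only train the baseline


def parse(log):
    for line in log.splitlines():
        ts, user, host, country = line.split()
        yield datetime.fromisoformat(ts), user, host, country


def detect(log, baseline_until, share_window=timedelta(minutes=10)):
    """Learn each user's normal destinations before `baseline_until`, then
    return (timestamp, user, reason) for each departure from that pattern."""
    seen = defaultdict(set)   # user -> destination countries seen so far
    last = {}                 # user -> (workstation, time of last event)
    alerts = []
    for ts, user, host, country in parse(log):
        live = ts >= baseline_until
        if live and country not in seen[user]:
            alerts.append((ts, user, f"first connection to {country}"))
        seen[user].add(country)
        prev = last.get(user)
        if live and prev and prev[0] != host and ts - prev[1] <= share_window:
            alerts.append((ts, user, f"ID active on {prev[0]} and {host}"))
        last[user] = (host, ts)
    return alerts


if __name__ == "__main__":
    for ts, user, reason in detect(SAMPLE_LOG, BASELINE_END):
        print(ts.isoformat(), user, reason)
```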
- Conduct deep packet inspection and filtering.
Using a deep packet inspection mechanism can eliminate malicious payloads before they make it to the company’s end-users. A filter or inspection device at the network edge will intercept all traffic between the users and the outside world and take appropriate actions based on the content of the traffic, such as alerting, re-routing, blocking, and logging. Deep packet inspection lets IT staff combat threats at the user application layer if a virus, ransomware, spyware, or worm makes it through other layers of network defenses.
- Consider network reputation systems.
Reputation systems are programs or algorithms that let participants in online communities rate one another to create trust. Block all connections from sources with a bad reputation, if possible. An attacker cannot launch an assault without a connection, and a blocked source cannot connect.
CISA put out an alert recently that lists 13 known vulnerabilities used by Russian state-sponsored criminals to compromise networks. Network cybersecurity and network protection are essential for a company's safety, as criminals detect the loopholes to infiltrate the system. It's become more important than ever that businesses take these proactive measures to strengthen their security.
Richard Luna, founder and CEO, Protected Harbor