If you’re a business owner or operator and you’re not on high alert for cyberattacks, you should be, U.S. cybersecurity experts say.
As the Russian invasion into Ukraine drags on, the number of Russian cyberattacks has intensified, and it’s not unthinkable those could spread to the U.S.
And there is no such thing as truly being under the radar from international hackers if you are a small- or mid-sized company.
Last month, the Cybersecurity and Infrastructure Security Agency, a federal agency that aims to improve cybersecurity preparedness, issued a “shields-up” warning to U.S. organizations. The shields-up alert implores businesses and organizations of all sizes to take steps to reduce their chances of being infiltrated by hackers and ensure they’re prepared in case of a breach.
U.S. cybersecurity officials said small- and mid-sized businesses, because they often have fewer resources for cybersecurity, actually can be prime targets.
“The reason why there are these bulletins coming out, especially directed at small- and medium-size businesses, is that we have learned the hard way about the fragility of the global supply chain,” says Theresa Payton, a former White House chief information officer under George W. Bush.
That fragility was on display in 2021 in the aftermath of the Colonial Pipeline ransomware breach, which resulted in widespread panic buying that caused some gas stations to run out of fuel.
Businesses and other organizations in the Ukraine have already sustained numerous cyberattacks; most recently a wave of distributed denial-of-service (DDoS) attacks, in which hackers use a botnet to swamp a server with fake traffic to disrupt the flow of normal traffic. Hundreds – perhaps thousands – of computers in the Ukraine have also been infected by destructive malware as well, according to reports.
Because the world is so connected, there’s potential cyberattacks against Ukraine could reach the U.S., Payton says, adding that the interconnectedness of supply chains makes guarding against cyberattacks even more paramount.
Of the 16 sectors the Department of Homeland Security has identified as critically important to the U.S. economy and national security, the energy, financial services and transportation sectors are particularly at risk of Russian attacks given their high economic importance, says a recent Goldman Sachs cybersecurity report.
So what should businesses do?
There are several steps that could be taken, according to cybersecurity experts.
Chief among those is making sure your software is up to date throughout your organization and known vulnerabilities in earlier versions are patched; having antivirus and malware detection software up and running; and frequently backing up important data.
Companies also should look for cyber supply chain vulnerabilities and urge third-party software vendors to prioritize cybersecurity. Experts say testing your incident response plan also is critical.
Businesses, especially whose web site is the main way customers contact them, should ask their technology service provider if it knows how to detect a DDoS attack.
And now is the perfect time to double check your company’s use of multifactor authentication and strong passwords.
For those Hoosier companies that think this threat is a long way away, Stuart Madnick, director of cybersecurity at MIT’s Sloan School of Management offers an ominous warning.
“Countries and companies watching this latest chapter unfold should remember this: The online front of the (cyber) war can – and has – jumped borders.”
Anthony Schoettle is the director of communications for the Indiana Chamber. He started with the Chamber in 2021 after a long career in journalism. He’s won multiple awards for his storytelling ability on a wide range of business topics.
