By: David Jemmett, CEO, Cerberus Security
Update 03/21/2022: The Biden-Harris Administration today is warning against potential Russian cyberattacks on the U.S. based on evolving intelligence. See this update from today’s briefing from The White House.
It’s time to reevaluate the way we look at global conflicts such as the situation in Ukraine. CISA has issued a special warning, but I want to look at the reason behind the warning and what most people seem to be missing. While on the surface, Russia’s invasion of Ukraine may appear to be a traditional border conflict comprised of ground troops, shelling, and other aggressive tactics, this would be a gross underestimation of both the international implications and the real theater. Many of us are accustomed to hearing about invasions and foreign border disputes, almost to the point of being desensitized to the news.
However, a wholly separate and boundaryless war is being fought on the cyber front, which has no geographical limit, no international oversight, and no governing body. It started years ago, and most people are not even aware of the ongoing war. This changes the field of engagement from being a matter of one military power fighting another in a region, with innocent civilians being caught in the crosshairs, to a situation where all of us are the targets – us, here, now. The U.S. and its NATO partners are being attacked every minute of every day.
Why are we all targets?
Most stories you will read in the news seem to accurately convey the current conflicts around the globe. The top issue today centers on NATO: whether or not Ukraine will join, and the risk to NATO if it does. However, what really needs to be understood is that when nation states like Russia, North Korea, Iran, and China conduct warfare, they begin well ahead of time by sponsoring cyberattacks that will ultimately fund these ground wars.
This conflict started years before Russia invaded Ukraine, and it will continue long after. To help understand it better: when did you first hear of someone being hacked? For most people, it was around the late 2000s; my first experience was in 1992. It happened to be four kids in hoodies just seeing if they could break into our server. Today it is criminal organizations and nation-state-funded bad actors.
Nation-state-sponsored ransomware and extortion software attacks yield bitcoin payments that can be made, moved, and tracked with impunity into coffers that fund horrific activities across our globe, including land invasions. Those payments most often come from private or cyber insurance payouts made to criminals in an organization’s attempt to regain control of its environment and/or data.
Who is conducting actual attacks, and does the U.S. Government know?
It is important to note here that the actual execution of these attacks is typically leveled by cyber mercenaries, also called “cyber gangs” or “state-funded hackers,” who contract directly with the highest bidder. It so happens that terrorist groups and bad-acting nation states pay very well, and with large amounts of wealth that can be transferred via bitcoin, it has become very attractive to criminal elements.
Not only do these activities fund wars and terrorist attacks, but they also provide a means for nation states to punish their enemies, by undermining profitability and economic stability through cyber onslaughts. For that reason, every citizen who is part of a NATO member country is a potential target, with the U.S. at the top of the list. Cyber miscreants seek to acquire intellectual property, state secrets, and financial gain via stealing it or extorting it.
That is why CISA (Cybersecurity and Infrastructure Security Agency), the U.S. federal government’s key cybersecurity communications arm, recommended in a recent posting that, due to the ongoing conflict in Ukraine, “all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Why is this any different from other messages about protecting digital assets?
This warning may sound similar to what you hear day after day from cyber professionals: you need to protect your environment from attackers. However, much like the U.S. Dept. of Homeland Security and TSA issue travel warnings when there are credible threats, CISA issues warnings based on very specific information and intelligence.
So, this is not simply another reminder to implement multi-factor authentication around your critical assets as soon as you can get to it. This particular warning from CISA can be read as a directive for organizational leadership to ensure their internal teams urgently prioritize and accelerate cybersecurity projects that will have the most significant, immediate impact. This may be overwhelming to you or your organization, whether because you are unsure you have the capital to invest or because you are not even aware of what to do to “shore up your cyber posture.”
Why is Russia targeting NATO-member citizens, in particular?
The U.S. has led the charge among NATO member states for the leveling of widespread diplomatic embargoes and other punitive actions designed to undermine Russia’s economy, as a unified response to its merciless attack on Ukraine. Additionally, many corporations have expressed displeasure at the war and have shown support for Ukraine by (at least temporarily) divesting themselves of Russian interests, investors, business partners, trade agreements, and more.
In response, Russian state-sponsored threat actors know that every dollar lost in a cyber breach — $4.87 million per breach on average last year, according to the 2021 Cost of a Data Breach Report from Ponemon & IBM — is another chink in the armor of their country’s economy.
What can you do right away?
It can be hard to know where to begin, or you may lack the knowledge or talent to gain a good cyber posture. You may already be getting penetration testing and security audits annually. I would directly encourage you to find a credible, objective third party known for their tactical expertise that can validate your security posture independently; i.e., truly have a professional second set of eyes for validation.
Test what your internal teams are seeing or not seeing. This will give you a more accurate picture of your most vulnerable assets and likely attack vectors (the points of entry a hacker can use to get into your systems). True seasoned cyber professionals are different than those in IT. We think like hackers, but we want to secure, not disrupt.
It’s no different than getting a second medical opinion: if your doctor tells you that you’re healthy, but you feel off about something, you’ll seek another doctor. The same goes for a doctor who tells you that you have a terminal illness; you would definitely get another opinion.
You or your team may find there are some vulnerabilities, but there is a good chance you may not be seeing the whole picture. You may have more security gaps than you think and this is not a time in history when you want to just wait for your next assessment or keep from getting your first. More importantly, be proactive in getting a road map to security. Do not ignore it or put your head in the sand, because this is not going away. It is only going to get worse as the world is so dependent on being digital.
Further, it would be good to talk with a professional who can help you identify and speed up the projects you may already have on deck which will provide the most rapid improvement to your security posture, or, “getting your cybersecurity healthier.”
The reality is that you or someone you know has already become a potential victim in this conflict and others to come. When this land dispute is settled, we are still going to be at war digitally.
If your organization’s cybersecurity-specific dedicated teams are stretched thin, or if you don’t have a full team, please reach out to Cerberus Sentinel here. Our deep bench of experts is available to help you speed up your highest-impact next steps, working as an extension of your team. The team of experts also evaluates your needs and works within your financial budget to map out how to get more compliant and secure. You and your organization’s security is top priority to us; Cerberus Sentinel wants to be your cyber partner.
For a more global perspective on what needs to be done, read the directives the Australian Government provided to its citizens, as well as those the United Kingdom provided to its citizens.
See a complete list of what CISA recommends to corporate leaders and CEOs in its Shields Up message.
If your organization is part of core U.S. infrastructure (electrical, gas, water, etc.), see this alert from CISA: Russian State-Sponsored Threats to U.S. Critical Infrastructure.
CISA and the FBI have issued a joint alert, found here: CISA and FBI Publish Advisory to Protect Organizations from Destructive Malware Used in Ukraine.
David Jemmett, CEO, Cerberus Sentinel discusses CISA issues shields up warning to all U.S.-based organizations – Ukraine Conflict. Cerberus Sentinel specializes in cybersecurity solutions that build a culture of security within an organization, enabling them to improve security, lower risk profile, optimize IT infrastructure, and meet regulatory compliance demands with extensive and comprehensive compliance review. Our Philosophy – Cybersecurity is a culture, not a product®. We believe culture is the foundation of every successful cybersecurity and compliance program. To deliver this outcome, we developed MCCP+ our holistic approach that ensures you’re secure in every area of your business. We are a publicly traded cybersecurity company listed with ticker CISO. CISA Issues Shields Up Warning to all U.S.-based Organizations as a Result of Ongoing Ukraine Conflict. A nationwide provider of consulting and managed services, with offices and resources across the USA, we specialize in building a culture of awareness for our clients. Founded with the belief that an acquisition approach is the best way to address the industry-wide skills gap. We are focused on cybersecurity, compliance, and the culture that drives success, acquiring world-class engineering talent who utilize the latest technology to create innovative solutions to protect even the most demanding businesses and governments against continuing and emerging threats.