
The Cybersecurity threat from Russia


On Thursday, February 24, 2022, Russia invaded the sovereign nation of Ukraine. Immediately after, in a speech, President Biden said the following:

“Let me also repeat the warning I made last week: If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond. For months, we have been working closely with our private — with the private sector to harden their cyber defenses, sharpen our ability to respond to Russian cyberattacks as well.”

While I don't doubt the veracity of this statement, there are 31.7 million small businesses in the U.S., and many, many, many of them are on their own when it comes to protecting the data that we control. And the threat posed by Russia is no small matter. Here are a few key points:

  • New analysis suggests that 74% of all money made through ransomware attacks in 2021 went to Russia-linked hackers.
  • At the end of 2021, Google discovered that more than 1 million devices had been infected in the Russian Botnet attack.
  • Russia has a long history of cyberattacks, including one on the White House back in 2015.

Another wrinkle to this story is that Ukraine has significant offensive capabilities as well, and those are being directed at Russia. In fact, a successful DDoS attack (a Distributed Denial-of-Service attack, pronounced DEE-daus) took Russian state news site RT offline Thursday and well into Friday right after Ukraine was invaded.

What can we do?

The White House hasn't released new guidance; they did release the following five best practices back in June 2021:

  1. Back up systems, regularly test them, and keep the backups offline.
  2. Update and patch systems promptly.
  3. Test your incident response plan.
  4. Check your security team’s work via a 3rd party.
  5. Segment your networks.

While this is all good advice, it assumes a few things:

First assumption: You know what systems you have and what their status is. The reality for most businesses is that technology has grown organically and may be in various states: modern, dated, really dated, or hidden. Let's touch on the last one first. Unless you have recently had a code audit (something we can help you with), there is likely technology that nobody knows about. This technology may be something that a developer who is no longer with the company created or something a marketing person bought and then forgot. It's surprising how many things are not on a company's radar yet serve small but mission-critical functions. The reality of business is that keeping technology up-to-date is always a case of ROI. If the return on investment isn't there, the can is kicked down the road, and that process can be repeated for a long time. As a general rule of thumb, you can assume the following:

  • Built in the last 3 years — probably ok
  • Built 4 to 8 years ago — should likely be replaced
  • Built 9+ years ago — probably in bad shape

[Image: sergei_brin_google_glass] This was still considered cool in 2012...

Second assumption: You have an ongoing roadmap with a support and replacement schedule for all of your technology. Knowing where everything is today is the first step — keeping things up-to-date is a never-ending responsibility. 

Item #4 on the White House recommendation list is "Check your security team’s work via a 3rd party."  As a 3rd party technology consultant, I obviously have some bias.

Get ready personally

If you can't influence the technology decisions at your organization, or even if you can, it's important to start protecting yourself personally. This is not fun to hear, but there will be more security breaches, and your data will be compromised. Here are three things you can do to mitigate the impact: 

  1. Install antivirus software
  2. Use a password manager
  3. Don't click on links you don't recognize

Install antivirus software

If you aren't running antivirus software, you should be — EVEN if you are on a Mac.  At Metal Toad, all of our machines run Sophos, and it's worth getting your organization to buy you a copy or buying one yourself.

Use a password manager

One of the most significant issues when data is hacked is usernames and passwords. 72% of people reuse passwords, and 13% use the same password for all their accounts. When a website or application is compromised, ALL of the websites and applications using that password are also compromised, potentially leading to a chain of data loss and/or fraud. The best way to avoid this is to use a password manager. At Metal Toad, we use LastPass to manage all of our passwords and keep track of duplicates, etc.

Don't click on links you don't recognize

I'm choosing my words carefully here. Don't assume that because you received a call (or text) that appears to be from someone you know, the link in it is legitimate. Emails and texts can be sent to appear to be from trusted individuals, and scammers can create phishing websites that may look like your bank, credit card, email, etc. If I receive an email notification, I'll often go directly to the website it supposedly originated from to verify its authenticity.

Date posted: March 23, 2022


About the Author

Joaquin Lippincott, CEO

Joaquin is a 20+ year technology veteran helping to lead businesses in the move to the Cloud. He frequently speaks on panels about the future of tech ranging from IoT and Machine Learning to the latest innovation in the entertainment industry.  He has helped to modernize software for industry leaders like Sony, Daimler, Intel, the Golden Globes, Siemens Wind Power, ABC, NBC, DC Comics, Warner Brothers & the Linux Foundation.

As the CEO and Founder of Metal Toad, an AWS Advanced Consulting Partner, his primary job is to "get the right people in the room".  This one responsibility is cross-functional and includes both external business development functions as well as internal delegation and leadership development.

A UCLA alumnus, he also serves in the community as a Board Member for the Los Angeles Area Chamber of Commerce, the Beverly Hills Chamber of Commerce, and Stand for Children Oregon - a public education political advocacy group. As an outspoken advocate for entry-level job creation in tech he helped found the non-profit, P4TH, an organization dedicated to increasing the number of entry-level jobs in the tech industry, and is in the process of organizing an Advisory Board for the Bixel Exchange, a Los Angeles non-profit that provides almost 200 tech internships every year.

 
