The United States warns companies to prepare for Russian cyberattacks. This is how they can do it

Russia may be planning a cyberattack, experts say 1:09 (CNN Business) — As Russia’s war in Ukraine and its diplomatic standoff with the United States continue to escalate, warnings that Russian cybercriminals could go after American companies have taken on a renewed urgency.
US President Joe Biden on Monday urged business leaders to beef up their defenses online, warning that his Russian counterpart Vladimir Putin could use cyberattacks as a means of escalating the crisis. “The point is that he has the ability,” Biden said at the Business Roundtable’s quarterly meeting in Washington. “He hasn’t used it yet, but it’s part of his playbook.” In a March 18 advisory to US companies, obtained by CNN, the FBI warned that cybercriminals linked to Russian Internet addresses have been scanning the networks of five US energy companies. And experts have warned of “significant” vulnerabilities in US systems that Russian hackers can exploit, as evidenced by last year’s attacks that compromised Florida’s water supply, hit one of the world’s largest meat producers world and shut down one of the largest oil pipelines in the United States for several days. “The threat will likely continue long after this conflict is over,” David Murphy, director of cybersecurity at accounting firm Schneider Downs and a former National Security Agency analyst, told CNN Business. “I think it will just increase over time.” This is what companies can do to be better protected. Updates, patches and backups It may seem like an obvious and easy solution, but experts say that keeping your system software up to date is an important way to prevent many attacks. Those software updates often include security patches to fix loopholes that cybercriminals can and do take advantage of. “It’s like increasing the cost to the adversary…if I make things harder for them, it’s passed on to the next victim,” says Karen Evans, CEO of the Cyber ​​Readiness Institute, which provides resources for companies to bolster their cyber defenses. Multi-factor authentication, which supplements passwords with an additional login method such as a numbered code from a separate device or a fingerprint scanner, is also becoming a must-have for businesses to protect potential entry points into their networks. However, one of these services, Okta, acknowledged late on Tuesday that a cybersecurity incident in January could have affected hundreds of its customers. The new details came after a mysterious hacker group known as Lapsus$ posted screenshots claiming to have accessed an internal Okta administrative account and the company’s Slack channel. The incident may increase nervousness in the business community. Evans says it’s important for businesses to also have a contingency plan in case they are attacked, and one of the best ways to do this is to have backups of critical or private data stored off-site. “Can I restore operations from my data backups if I am attacked? Do I have an alternative way of doing business?” she said. “That is the resilience of a business, the continuity plans that small businesses must have, and in the middle of the crisis is not the time to discover that I have a gap.” And in the current situation, where the concern about cyberattacks is focused on a particular country, Murphy suggests that companies can specifically target Internet addresses that originate from that country, in this case, Russia, in a measure known as geo-blocking. “It’s not going to protect you 100%, but it certainly does at least eliminate some of the easier suspects,” she says. Cyberattack Insurance As the risk of cyberattacks increases, especially ransomware attacks that can require millions of dollars to restore systems, businesses are increasingly looking to additional insurance plans that can help pay for damages and losses caused by cyber attacks. Demand for cyber insurance has increased in recent years, according to providers and industry insiders, pushing premiums for those plans up as much as 22% between 2019 and 2020. But for companies that can afford it, it’s a good way to not only protect yourself against harm, but also stay more vigilant against threats in the first place. “Cyber ​​insurance is getting extremely expensive, but it’s also putting requirements on businesses to make sure they’re covered and protecting themselves,” Murphy said, noting that insurance companies often have a list of questions that they ask. Companies have to respond and have protections in place to even qualify for an insurance plan. But companies should be cautious about viewing cyber insurance as the only protection against attacks, Evans warns. Companies must assess their risk and make systemic changes, regardless of whether they are protected after the event. “It’s not necessarily, ‘Oh, I bought cyber insurance and that’s it,'” she said. To further complicate matters when it comes to Russian cyber attacks, insurance companies often have clauses that make exceptions for acts of war and attacks by nation states, in which case the policy does not apply. Employee Training While businesses must protect themselves at the network and system level, precedent shows that attacks can originate from even a single compromised device, account, or email address. Three of the four pillars of cybersecurity that the Cyber ​​Readiness Institute urges companies to address: weak passwords, use of external USB drives, and phishing attacks (in which cybercriminals use deceptive links to obtain personal data), tend to exploit to individual users. “When you look at it across the board, it’s a culture change that has to happen,” Evans said. “It doesn’t matter what size the organization is: it’s the management, the CEO, and then it spreads out to all the employees.” Ultimately, many cyber vulnerabilities come down to human error and lapses in judgment, which is why companies need to make employees aware of cyber attacks and measures to mitigate them. The rise of remote work during the pandemic has further complicated this task, as distributed workforces provide hackers with many more potential entry points into the network. “Humans are part of the equation, and so this ultimately needs to be an organizational change,” Evans said. — CNN’s Sean Lyngaas contributed to this report.