The US President has issued a statement that uses the likelihood of malicious action by Russia to implore companies to urgently improve their cyber defences.
Joe Biden’s statement is thin on specifics and, under normal circumstances, one might be tempted to treat it with scepticism. After all, it’s not unprecedented for governments to fabricate a crisis in order to increase their power or to distract from their mistakes. These are not normal circumstances, however, and the brutality of Russia’s assault on Ukraine makes it easy to believe it’s capable of any escalation.
I’ve previously warned about the potential that Russia could conduct malicious cyber activity against the U.S. Today, I’m reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks. https://t.co/wO2jJgg5SJ
— President Biden (@POTUS) March 21, 2022
Heads up to everyone who sees this on their timelines. The President has been right about Putin from the start, he hasn’t played politics with this.
Take note and precautions. https://t.co/tKNPhsDgb3
— David Yankovich (@DavidYankovich) March 21, 2022
“Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors,” Biden went on to say. “We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.”
While Biden directed his statement to American companies, it seems fair to assume the threat applies equally to other NATO countries, especially those that have made a conspicuous point in assisting Ukraine in its defence, such as the UK. It’s also likely that cyber security departments have been on high alert since the start of the Ukraine crisis, but they can always do more.
Here are Biden’s top tips:
- Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
- Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
- Back up your data and ensure you have offline backups beyond the reach of malicious actors;
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
- Encrypt your data so it cannot be used if it is stolen;
- Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.