This white paper discusses the following topics to help you deal with relevant cyberattack scenarios in light of the ongoing Ukraine crisis and similar critical events:
- Common signs of cyberattacks
- Cybersecurity Checklist
The ongoing Ukrainian crisis has revealed that the impact of an extreme critical event can be far-reaching and is not limited to the place where it occurs. It has a global resonance, threatening the cybersecurity of governments and businesses, global supply chains, the movement of goods, prices, and more. The Cybersecurity and Infrastructure Security Agency (CISA) warns businesses across sectors like finance, banking, energy, and utilities against possible cyberattacks. These cyberattacks may potentially affect critical infrastructures, disrupt markets, and sabotage the security and safety of countries and governments worldwide.
In response to the Western sanctions imposed on Russia, cybersecurity experts have said that a potential cyber war taking shape between Russia and the West is an absolute concern and cannot be overlooked, given the cyberattacks we are witnessing on Ukraine's vital sectors and infrastructure.
What are common signs of cyberattacks?
1. Suspicious Emails
If your business email has been compromised, hackers can use man-in-the-middle attacks to access confidential information, steal login credentials, spy on data, and sabotage communications.
What to do next?
- Do not provide details to any unauthorized contact, and contact the IT security team to check and stop the attack.
- Company personnel must be trained to stay alert to suspicious practices. Training can equip them with the skills needed to mitigate risks at an early stage.
- Change passwords to new, previously unused ones.
2. Slow connections
Slow connectivity of your computer or network might be a sign of a cyberattack. This scenario can indicate that data is being copied to a third party. Antivirus software on staff computers might detect malicious activities, and the company server might warn that your IT system is under attack.
What to do next?
- Engage your IT team for further assistance and guidance.
- Avoid untrusted Wi-Fi networks.
- Keep your antivirus software up to date.
3. Suspicious account activities
Suspicious network activity can refer to unusual behaviors like abnormal access patterns, database activities, file changes, and other out-of-the-ordinary moves that can indicate an attack or data breach.
What to do next?
- If you detect any of these behaviors, alert your IT and security team to determine the cause and ensure your data remains protected in the future.
- Change to stronger, more secure passwords.
Cybersecurity Checklist
Penetration testing
Staff training
TIP
Define responsibilities and tasks
Develop an emergency response plan
Cyber threats like ransomware often block corporate networks. Typically, ransomware restricts users' access until a ransom is paid. In this case, communication will be limited and difficult because the victim's e-mail system will be broken, vital records will be inaccessible, and the victim's whole system will be down. In such a scenario, plans need to be in place to deal with the crisis. It is wise to decide your initial responses in advance and define strategic ones. For example:
Initial Response - Lower Level
✓ Secure all data
✓ Alert internal or external expertise, e.g., Computer Emergency Response Team
✓ Change all passwords and encryption keys
✓ Initiate actions to preserve and recover data
Strategic Response
✓ Assess prior controls and determine controls to be implemented
✓ Prepare press release
✓ Address any potential weaknesses in the system and contract with an outside organization to perform security testing