As soldiers and civilians battle in the streets of Ukraine, Canadian businesses and organizations are being warned to prepare for an increased threat of Russian cyberattacks and malicious software.
The warning comes from the Communications Security Establishment, a federal government agency responsible for providing the Government of Canada with information technology security and foreign signals intelligence.
CSE spokesperson Ryan Foreman told The Globe and Mail that “Russia has significant cybercapabilities and a demonstrated history of using them irresponsibly.”
This warning follows a report released earlier in February by researchers who say that the vast majority of ransomware revenue goes to Russian-linked hackers.
Researchers from Chainanalysis said 74 per cent of the $400 million in crypto-currency payments went to accounts “highly likely to be affiliated with Russia," according to an article by BBC News.
What This Means for Businesses and Organizations
Whatever your current level of security is, it's time to take it up a notch. There are actually several layers of cybersecurity best practices to consider, including:
- Security Level 1 — Network Cloud Infrastructure
- Examples: Multi-factor authentication, physical site security, and anti-virus protections
- Security Level 2 — Security Analytics and Policy Management
- Examples: Secure Score Tenant Analytics, SharePoint for public sharing
- Security Level 3 — Access Management and Compliance
- Examples: Identity and access management, cloud app security
- Security Level 4 — Advanced Security Monitoring and Response
- Examples: AI intrusion protection, SIEM
Put protections in place: Do you utilize multi-factor authentication so that a hacker can’t easily log into an email account? What about the firewall? What do you have in terms of end-point security on corporate computers? Have you installed Advanced Threat Protection via Microsoft?
Be aware of phishing attacks: Phishing emails often have specific characteristics that make them stand out. For example, the grammar will be incorrect, or the fonts will look odd. That’s because a lot of phishing emails are being generated by bots. You only connect with the person once they’ve got you on the hook. They will often also email at odd times, like the middle of the night.
Create a Proactive Security Process: It’s important that you do not have an attitude of “set it and forget it” when it comes to cybersecurity. Things change – quickly – so it’s important that your IT person/team regularly audits, reviews, and realigns your cybersecurity to best meet the needs of your organization and employees.
Free Cybersecurity Threat Analysis