When a political crisis escalates, the threat of a cyberattack against Western businesses tends to increase in response. There are steps that you can take to ensure you have a solid plan should there be an attack against your business. Additionally, it’s important to understand how cyberattacks against your vendors and clients could affect you – what is your ability to get goods or services? What happens if your clients can’t pay you? You should have real contingency plans around communications, operations, financials, and privacy. Whether you are cloud or server based, there are always places you can be vulnerable.
Make a list and check it twice
If you don’t already have them in place, here are some actionable steps you can take in preparation against a large-scale cyberattack.
- Have a pre-planned communications and decision process: Alerting employees about the likelihood of advanced phishing attacks, misinformation campaigns, and attempts by cyber attackers to compromise corporate systems is key to reducing exposure to these vectors. Notify all employees to be more cautious and to report any suspicious emails or files as soon as possible. Establish who calls the shots and who communicates the plan in the event of an attack. Security teams should monitor communications about politically sensitive topics and consider putting an incident response playbook in place to address potential security issues.
- Minimize your attack surface: Organizations should validate their security posture by looking for exposed network perimeters. It's a good idea to deploy endpoint detection and response (EDR) to gain broad protection and visibility across your environment. Monitor outbound traffic for signs of malware on the network calling out to a command-and-control destination. Though nation-state malware can be extremely hard to spot, in most cases the malware has to communicate somehow. Also, make sure that you do not have old employee or vendor accounts active. If possible, limit the number of administrators you have and do not use an administrator account as your regular login.
- Execute the basics: Preparing for these threats requires paying attention to the security basics. Organizations should pay attention to their Windows environments by enabling multi-factor authentication across Microsoft 365, Google Workspace, and other similar environments; disabling legacy authentication; and blocking macros from running in Microsoft Office environments. Ensure your routers are updated, have a secure password, and do not expose the admin interface to the world. Staying up to date on patching and keeping backups are more critical than ever.
- Collaborate with your security team: Whether you run an in-house security center or have outsourced to a trusted Managed Services Provider, your organization's security team needs to take a proactive role in your preparations for cyber conflict and defense in depth. Clarify their processes and communication channels. They should be in frequent communication with you regarding current affairs that can threaten your security posture, any known threats that can impact your business, and a plan of action should an incident occur.
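The account checks from the checklist above (old employee or vendor accounts, the number of administrators, admin accounts used as a regular login, and missing multi-factor authentication) can be run against a user export. This is an added example, not Lloyd Group's tooling; the CSV columns, thresholds and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are assumptions, not a real product's format.
SAMPLE_EXPORT = """username,kind,is_admin,mfa_enabled,last_login,logins_30d
alice,employee,no,yes,2024-05-28,41
bob-admin,employee,yes,yes,2024-05-20,3
carol,employee,yes,no,2024-05-30,55
old-vendor,vendor,no,no,2023-11-02,0
dave,employee,no,yes,2024-01-15,0
"""

def audit_accounts(export_text, today, stale_days=90, max_admins=1, daily_use_logins=20):
    """Return a sorted list of (username, finding) tuples for the account export."""
    findings = []
    admins = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["username"]
        # Old employee or vendor accounts: no login for more than stale_days.
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > stale_days:
            findings.append((user, f"stale {row['kind']} account, idle {idle} days"))
        # Every account should have multi-factor authentication enabled.
        if row["mfa_enabled"] != "yes":
            findings.append((user, "no MFA"))
        if row["is_admin"] == "yes":
            admins.append(user)
            # Many logins in 30 days suggests the admin account is a daily driver.
            if int(row["logins_30d"]) >= daily_use_logins:
                findings.append((user, "admin account used as regular login"))
    # Keep the number of administrators small.
    if len(admins) > max_admins:
        findings.append(("*", f"{len(admins)} admin accounts, limit is {max_admins}"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_EXPORT, today=date(2024, 6, 1)):
        print(f"{user}: {finding}")
```
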
Lloyd Group leads with a security-first mindset and has been securing organizations’ security postures for over 25 years. Contact us to discuss your current security stance to ensure your company is prepared for any possible threats.