Enhancing your cyber security posture

With the situation in Ukraine escalating, the Australian Cyber Security Centre has suggested Australian businesses “urgently adopt an enhanced cyber security posture”. While the recommendation is solid, it’s not obvious what an “enhanced cyber security posture” would look like for a small business.

Instead of boiling the ocean, let’s explore a few specific scenarios your business should be preparing for.

 

Note: The following headlines are fictional…

“Craft-breweries offline in out of control Russian wiper outbreak”

Russia has been implicated in ransomware attacks for years, with one of the most devastating in recent history having been triggered from this exact conflict. The 2017 NotPetya ransomware attack caused major disruption globally after uncontrollably spreading from a Ukrainian tax preparation app into the networks of multinationals and their partners.

Similar attacks are already underway in Ukraine, with some of the usual care taken to minimise damage likely to be put aside. For example, recent attacks appear to be less interested in leaving ransom demands in exchange for getting data back. Instead, many are simply going in and deleting it with no option for recovery.

If the thought of losing access to all your business data worries you (and it should), here's what you should be prioritising:

 

“Aussie office printers attacking Ukraine banking sites”

The big cyber news coming out of Ukraine in recent weeks has been ongoing DDoS attacks targeting government departments and banks. These attacks flood systems with traffic, making them basically unusable. They’re hard to stop as they are typically launched from machines all over the world whose owners often don’t even know they’re participating in the attack.

While your business probably won’t be targeted by Russian hackers this week, there’s every chance a device in your network could be used in one of these attacks. A rogue printer on your network smashing away at a Ukrainian banking website won’t just use up your bandwidth, but could also get your network blacklisted, or shut down entirely.

If you’re not sure if the devices on your network are sending traffic to Ukraine, here are some steps you should be taking:

  • Run a discovery scan across your network to see what you have. If something unexpected shows up, track it down and remove it.

  • Check in on your firewall. In particular look into how traffic leaving your network is controlled and put restrictions in place to block dodgy behaviour. If you don’t have a firewall that lets you do this, look into getting one. DNS filtering might be a quick and easy step to take in the meantime.

  • Take that list of things on your network and check that everything is up to date. Install any missing security updates ASAP.
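As an added illustration (not part of the original article), the first two steps can be combined by checking outbound firewall logs against your device list. The LAN range, inventory, log format and threshold below are assumptions, and the sample log lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions for this example: the office LAN range, the device inventory,
# and a "timestamp src_ip dst_ip dst_port" log format. All data is constructed.
LAN = ipaddress.ip_network("192.168.1.0/24")
INVENTORY = {"192.168.1.10": "reception-pc", "192.168.1.20": "office-printer"}
SAMPLE_LOG = "\n".join(
    [f"2022-03-01T09:00:0{i} 192.168.1.20 203.0.113.80 443" for i in range(6)]
    + [
        "2022-03-01T09:01:00 192.168.1.10 198.51.100.7 443",
        "2022-03-01T09:01:05 192.168.1.10 198.51.100.7 443",
        "2022-03-01T09:02:00 192.168.1.77 198.51.100.7 53",
        "garbled line that should be skipped",
    ]
)


def review_egress(log_text, inventory, threshold=5):
    """Return (unknown_sources, noisy_flows) for traffic leaving the LAN."""
    flows = Counter()
    unknown = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line
        _, src, dst, port = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # not a valid address or port
        if src_ip not in LAN or dst_ip in LAN:
            continue  # only count internal -> external traffic
        if src not in inventory:
            unknown.add(src)  # device missing from the inventory
        flows[(src, dst, port)] += 1
    # A single device hitting one destination repeatedly is worth a look.
    noisy = sorted((f, n) for f, n in flows.items() if n >= threshold)
    return sorted(unknown), noisy


if __name__ == "__main__":
    unknown, noisy = review_egress(SAMPLE_LOG, INVENTORY)
    for src in unknown:
        print(f"Not in inventory: {src}")
    for (src, dst, port), count in noisy:
        name = INVENTORY.get(src, "unknown device")
        print(f"{name} ({src}) -> {dst}:{port} x{count}")
```

On the constructed sample this flags the printer's repeated connections to one external address and one device that is not on the inventory.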

 

“Tampon deliveries delayed by Russian supply chain interference”

Technology underpins every business in some way. Technology has unlocked endless opportunities and made it possible for us to work across borders, drawing on skills and resources worldwide. For those of us working with international teams, or relying on internationally hosted systems, disruptions in Ukraine could have very direct consequences.

It’s estimated over 200,000 Ukrainians work in tech, possibly contributing to something in your supply chain. If a New Jersey based feminine hygiene business has a reliance on Ukrainian graphic design, who’s to say what role their economy may play in your business?

If disruption to your suppliers is something you’re concerned with, take some time this week to:

 

“Australian spread recipe secrets stolen from distracted manufacturer”

Finally, while all the focus is on Russia and Ukraine at the moment, that doesn’t mean other nations and cyber criminals are taking a cyber holiday. More likely, many attackers would be seeing opportunity in the chaos.

Scams, phishing and other sophisticated attacks will use the distraction of a ‘cyber war’ to catch you and your team off guard in the hopes of extracting money or data from your business. While there are new things to be worried about, an enhanced cyber security posture means you’re also continuing to work on protecting your business more generally.

No matter where things head, it’s critical for all of us to keep working on the cyber fitness of our businesses.

Updates to these concerns, and many more, are made in our Cyber Fitness Platform regularly to help you stay on top of things and keep up your ‘enhanced cyber security posture’.