
Cybersecurity in Times of International Conflicts: How to Protect Your Organization

by Taylor Hersom, August 19th, 2022

Too Long; Didn't Read

There is one cyberattack every 39 seconds, and 43% target small businesses. Cyberattacks have shifted from public utilities and infrastructure to attacks targeting all industries and sectors. Phishing and ransomware attacks are also becoming more aggressive, with trends revealing attacks that destroy data instead of encrypting it. Cybercriminal services-for-hire have transformed ransomware into a professional market. By Taylor Hersom (https://www.edendata.com/in/taylorhersom), Founder and CEO of Eden Data.


On June 28, 2022, the Baton Rouge General Medical Center in Louisiana lost its electronic medical record and patient system to a cyberattack. WAFB9 reported that the organization switched to “old-fashioned paper” healthcare to avoid a complete collapse of its medical services.


24 hours earlier, on June 27, in Tennessee, Geographic Solutions Inc. — a workforce and unemployment benefit provider — was taken offline. The Washington Post reported that more than 12,000 residents of Tennessee did not receive unemployment payments due to the attack. On June 27, Macmillan Publishers in New York was forced offline by a ransomware attack. On June 14, in El Paso, Texas, the operations of an automotive supplier were disrupted. On June 11, Guadalupe County, Texas, reported a network breach, and the same day Rhode Island’s Newport municipal government servers went down.


Now, these cyberattacks have shifted from public utilities and infrastructure to attacks targeting all industries and sectors. The Cybersecurity and Infrastructure Security Agency (CISA) says that there is one cyberattack every 39 seconds, and 43% target small businesses. Against the backdrop of international conflict — the ongoing Russian invasion of Ukraine and U.S. tensions with Iran, China, and North Korea — and the extensive network of transnational cybercriminal organizations, the risks of cyberattacks have increased to crisis levels.


However, Russian-linked attacks are far from being the only threat. The February 2022 Annual Threat Assessment of the U.S. Intelligence Community, published by the Office of the Director of National Intelligence (DNI), warns that China, Iran, North Korea, South Asia, transnational organized crime, illicit drug cartels, terrorist, money laundering, and cybercrime organizations are also a threat to American organizations.

The most used tactics and trends in 2022 include phishing and ransomware. Faced with improved security posture from the organizations they're targeting, cybercriminals are increasingly turning to phishing attacks, where they look for the weakest point of entry: the organization's workers or their third-party partners.


In phishing campaigns, attackers mimic official organizations utilizing email, phone calls, SMS, and online mechanisms to trick users into giving out sensitive information or downloading malware.


Ransomware is another global trend where malicious actors take control of an organization's system or sensitive data, often forcing a shutdown of company operations. To combat this risk, it's advisable to have an updated disaster recovery plan (DRP), back up your data, and never pay the ransom should an attack be successful.


“Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model,” CISA says.


Ransomware attacks are also becoming more aggressive, with trends revealing attacks that destroy data instead of encrypting it. Cybercriminal services-for-hire have transformed ransomware into a professional market, CISA says.


Other common mechanisms for attack include:


  • Cyber espionage: Stealing information and intellectual property to gain a competitive advantage.
  • Zero-Day: Complex, often multi-vector attacks that capitalize on a previously unknown software vulnerability.
  • Distributed Denial-of-Service (DDoS): A malicious flood of traffic to a targeted service, server, or network to disrupt regular traffic and/or crash the service.

Counter-disruptive cybersecurity: How to protect your organization

At today’s rate of attacks, it is not a matter of “if” but of “when” an attack will happen. Therefore, the best defense is a fortified security ecosystem and a proactive approach.


Incident response plans (IRPs) and disaster recovery plans (DRPs) are of paramount importance, allowing organizations to rapidly detect, isolate, respond to, and manage an attack, and then quickly restore and recover. These systems register incidents and can be used to learn more about attacks.


Off-grid backups and encryption are key for an incident response plan because, with them, organizations can restore their environment without the need to pay the ransom to recover the data.


To detect breaches, leading organizations use next-generation firewalls (NGFWs). They combine the features of traditional firewalls with other security technology such as in-line deep packet inspection (DPI) and intrusion prevention systems (IPS). NGFWs can detect threats in seconds, providing real-time visibility, and they can be deployed on-premises, in cloud networks, or via a hybrid approach.


Other security technologies and best practices include:


  • Endpoint Detection and Response (EDR): The go-to technology to monitor all endpoint devices, from computers to smartphones and IoT devices. EDR can detect a cyberattack, alert, and respond with automated remediation.


  • Security Information and Event Management (SIEM): SIEM platforms provide a 360-degree, real-time view of an entire IT infrastructure, can scan massive amounts of data very rapidly, and alert security teams to any suspicious activity.


  • Cybersecurity Training and Security Culture Programs: Employee negligence and malicious acts account for two-thirds of all cyber breaches. By integrating cybersecurity into a company's culture, making it a foundational component of an organization's policies and programs, employees of all levels and departments will be more educated against threats.


  • Identity and access management: More than 90% of attacks can be prevented with the use of multi-factor authentication (MFA) and Single Sign-On (SSO).


  • Cloud Security: From migration to cloud operation, the security of the cloud is a great challenge. Tightening configurations around databases, operating systems, and network access in cloud environments is key.


While this new wave of cyberattacks — taking place in the background of complex international conflicts — has created an unprecedented and urgent cybersecurity crisis, organizations and businesses can protect their data by incorporating foundational security practices.


Making informed decisions, updating tech and infrastructure, drawing up a security plan, and implementing a cybersecurity culture across the entire organization are today the best defense against cyberattacks.


-Taylor Hersom, Founder and CEO of Eden Data