I bought some extra water because of recent events. I know, cyberattacks may not hit infrastructure–though there are cyberattacks right now in Ukraine, reportedly Russian state actors have not yet attacked infrastructure–but that’s the extent of my prepping. Things over there have continuously escalated, with Russian attacks on civilians, so no one knows what’s going to happen.
Biden: we will “use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure.”
Slightly comforting.
Biden: There is “evolving intelligence that the Russian government is exploring options for potential cyberattacks.”
The government claims to be ready, but your enterprises and SMBs may not be.
https://www.cnn.com/2022/03/22/politics/analysis-biden-warning-putin-cyberattack-us/index.html
There is something that you should be doing right now as an SMB or enterprise: MFA should no longer be optional. It’s a comparatively small measure considering what could be in way of an attack.
The government made these suggestions, which are a good summing up:
– Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
– Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors
– Back up your data and ensure you have offline backups beyond the reach of malicious actors
– Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
– Encrypt your data so it cannot be used if it is stolen
– Educate your employees to common tactics that attackers will use over email or through websites
– Work with FBI and CISA to establish relationships in advance of any cyber incidents