Russian Hackers Targeting Businesses In Utah

Experts anticipate a series of Russian-based cyber attacks against US targets in the near future. Discover the 5 steps you need to take right now to confidently defend your Utah business in the latest video from Nexus IT CEO Earl Foote.

Since Russia invaded Ukraine, cyber warfare has been on the rise.

On Feb. 15, Ukraine suffered a major cyberattack on its governmental and banking systems, and subsequent attacks against western targets have occurred over the past few weeks.

Do you know how to defend your Utah business against these types of attacks? Find out which steps you need to take right now in this recent video from Nexus IT CEO Earl Foote:

5 Steps To Prepare Your Utah Business For Cyber Warfare

Perform A Comprehensive Cyber Risk Assessment

No matter how much you’ve invested in your cybersecurity, you can’t just assume it’s effective enough to protect you against cybercriminals.

Consider the facts—whereas nearly 80% of IT security leaders believe their organizations are not secure enough, only 57% have invested in cybersecurity risk assessments. Don’t make the same mistake.

A key best practice for cybersecurity is to regularly test your measures to make sure they hold up in the event of an attack, and to identify any unseen vulnerabilities that are putting you at risk. The key objective of this type of assessment is to find any vulnerabilities that can compromise the overall security, privacy, and operations of your business.

Make sure this process includes a penetration test, which is an attempted breach of your business systems intended to uncover application, web server, or network vulnerabilities. Penetration testing keeps you ahead of the attackers by revealing exploitable weaknesses and giving you a chance to correct them before you lose valuable data and vast amounts of money.

Penetration testing isn’t just meant to break into your systems and show you they’re not protected properly. A robust penetration testing service will note and track all potential vulnerabilities, and distill that data into a report that you can use to fix them.

Be sure that whoever is conducting your penetration test will be preparing a report for your use after the fact. Ideally, they will meet with you to review the results, make recommendations, and even help facilitate any necessary upgrades.

All of this should help you determine where the vulnerabilities lie in your IT systems. The fact is that you can’t expect a simple cybersecurity defense to actually protect you from the many cybercrime threats out there.

The only way to effectively develop cybersecurity is through a fully managed approach that builds a culture of best practices, in combination with a range of carefully chosen technologies. This means utilizing firewalls, antivirus, endpoint protection, intrusion detection, and more.

Formulate A Gap Remediation Plan

Performing an assessment and test of your cybersecurity capabilities is only the first step. You then need to remediate: this is the process of eliminating vulnerabilities by applying the right solutions and processes, and training your staff members where necessary.

Lay out your remediation process in phases, prioritizing the highest-priority risks and the lowest-hanging fruit. This will ensure that cybercriminals can’t rely on the most obvious attack vectors to penetrate your Utah business.

Overall, the project should last no more than six months. Any longer and you’re letting vulnerabilities expose you for too long.

Don’t limit your remediation to technology only—your staff should be a part of the process too. After all, you can’t expect a firewall and antivirus solution to keep you 100% secure. Nation-state hackers know that the user is the gap in a business’ cyber armor—that’s where they’re going to aim.

That’s why cybersecurity awareness training is such a worthwhile investment. It turns your most dangerous weakness into a key strength. A security awareness training program helps your employees learn how to recognize and avoid being victimized by phishing emails and scam websites.

Formulate A WISP

A Written Information Security Plan (WISP) is a document that details an organization’s security controls, processes, and policies. This resource is meant to act as a roadmap for an organization’s IT security and is legally required by several states.

In addition to formalizing your business’ approach to cybersecurity, a WISP also creates value for your business. It demonstrates to clients, business partners, and law enforcement agencies that you take your cybersecurity seriously, and not just as an afterthought.

What Should Your WISP Include?

  • Specifying who on your staff is responsible for the management of the security program
  • Tracking, assessing, and mitigating known security risks
  • Detailing how sensitive data is stored, secured, and accessed
  • Stating how violations of your WISP are dealt with internally
  • Implementing access controls to protect against unauthorized access to data by current or former staff members
  • Listing methods for guaranteeing standards of cybersecurity in your supply chain
  • Detailing how physical access to servers, data storage devices, and hard copy information is controlled
  • A system for monitoring and improving the effectiveness of the WISP
  • A detailed breach response plan
  • How user credentials are kept secure
  • Which staff members are granted access to sensitive data and/or granted admin rights
  • How data is encrypted at rest and in transit
  • How monitoring tools are used to track system activity
  • Patch management policies for firewalls, anti-virus, and anti-malware software
  • How employees are trained to spot social engineering scams and maintain user-level cybersecurity

Formulate An Incident Response Plan (IRP)

An Incident Response Plan provides the plans, procedures, and guidelines for handling data breach events at your office(s), or via any of your servers or mobile devices.

The plan encompasses procedures on incident response engagement and how the incident response team will communicate with the rest of the organization, with other organizations, and with law enforcement. It also provides guidance on federal and local reporting and notification processes.

This plan is necessary to clarify the roles and responsibilities of your employees so you can quickly mitigate risks, reduce the organization’s attack surface, contain and remediate an attack, and minimize overall potential losses.

There are three main components of an incident response plan: technical, legal, and managerial.

As part of your plan, designate specific, skilled people who are best positioned to cover those functions. Make sure you answer the following questions:

  • What information does each component need?
  • What should you expect from each component?
  • What’s the chain of command?
  • To whom does the team report?
  • Who has the authority to make judgment calls as to when the computer networks will be taken down, quarantined, or put back online?

Ensure your legal, technical, and management experts, as well as your cyber insurance carrier, approve of your incident response plan. Furthermore, make sure your response team regularly reviews and practices the plan.

Monitor, Manage and Maintain

Once the prior four steps are complete, you and your team have to commit to managing these controls on an ongoing basis. The fact is that cybersecurity is not “set it and forget it”.

You need to ensure your systems are being monitored, maintained, and tested on a regular basis. New vulnerabilities may present themselves over time, and new attack vectors may crop up in the cybercrime world.

That’s why you need to stay vigilant—if you’re going to protect your Utah business, you need to understand that cybersecurity is a marathon, not a sprint.

Harness Expert Cyber Legal In Utah

We recommend executing the entire 5-step process above under attorney-client privilege to better protect your organization in the event of a cyber incident or breach. A qualified cyber attorney will be needed to formulate many of these legal documents and policies.

We recommend none other than our friend, Romaine Marshall, and his phenomenal team at Armstrong Teasdale LLP.

Need Expert Assistance Defending Your Utah Business Against Russian Cybercriminals?

Nexus IT Consultants offers comprehensive cybersecurity services, including SOC, SIEM, and more, to help you adequately protect your organization against modern cyber threats, including nation-state attacks like those originating in Russia right now.