Prepare Your Business for Possible Cyber Attacks

February 27, 2022

As the world watches the invasion of Ukraine by Russia, we here in the United States are unfortunately not immune from the situation and neither are our businesses.

As President Biden and our western allies level sanctions on Russia, options for cyberwarfare are being planned and executed against Moscow. Official Russian government websites have already experienced outages and disruptions, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of retaliatory cyber-attacks on U.S. infrastructure and businesses. Now is the time for your business to prepare for this possibility.

Nick Espinosa, MCAA’s Chief Security expert, advises the following steps be taken as soon as possible:

  1. Update all operating systems and defensive technologies within your company (and homes). Any firewalls, Windows/MacOS/iPhone/Android operating systems, Antivirus, Endpoint Detection Response Systems, infrastructure equipment such as wireless access points, and other software should be brought up to date. CISA has published a list of the top hardware and software that Russian intelligence tends to exploit. Consider any of these products a top priority for updating:
  • FortiGate VPNs
  • Cisco routers
  • Oracle WebLogic Server
  • Kibana
  • Zimbra software
  • Exim Simple Mail Transfer Protocol
  • Pulse Secure
  • Citrix Servers
  • Microsoft Exchange
  • VMWare (note: this was a zero-day at the time.)
  • F5 Big-IP
  • Oracle WebLogic
  • Microsoft Exchange Servers
  2. Enable Multifactor Authentication wherever possible, including Microsoft Office 365, other cloud logins, backup systems (if possible), financial institutions and anywhere else critical information is stored for your business. Free authenticator apps include Authy, Microsoft, Google and more. Ideally, planning for an Identity Management solution is recommended; however, given the timeframe of possible attacks, using the free options is significantly better than doing nothing.
  3. Ensure that all computers and devices are accounted for and have your Antivirus or Endpoint Detection Response installed. A computer missing this critical software could become the entry point for an attacker to gain access to your data and network or shut you down.
  4. Double check all backups. Make sure they are current and actually work. Studies have shown that many companies miss critical data when they back up. Restorations of data need to be tested as well. Finally, having a backup that is ideally in the cloud (or at least off-site) will ensure that if you need to restore data in an emergency you have a safe copy.
  5. Alert all employees to these possibilities and make sure they maintain heightened vigilance and are on the lookout for suspicious emails, odd behavior from their computer or devices, unusual slowness of the internet and more. Let them know that it’s important they notify IT or a manager as fast as possible if they suspect a problem. In a cyberattack we want as much accurate information as we can get, but what is worse is the employee who experiences a problem and doesn’t say anything. In an emergency, shutting off the possibly infected computer and also the internet will help stop an attack or the spread of an infection.
  6. If your business has next generation firewalls and/or Identity Management solutions, enable as much logging as you can and also enable geo-blocking for all incoming internet traffic except for traffic originating in the USA. This will help immediately drop any foreign internet connections attempting to look at your infrastructure or logins. Make sure to account for any employees who work from outside of the United States or are traveling abroad at this time.
  7. If your business has industrial control systems, conduct a test of manual controls to ensure that critical functions remain operable if your network is knocked out or known to be compromised.
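
The backup step above asks for restores that are tested, not assumed. The following Python script is an added example, not part of MCAA's original advisory: it hashes a live folder and a test restore of its backup, then reports files the backup missed and files whose restored copy differs. The folder names and file contents in demo() are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def verify_restore(source, restored):
    """Compare a live tree with a test restore of its backup.

    missing: files the backup never captured.
    changed: restored copy differs (corrupt, or edited since the backup ran).
    """
    src, dst = tree_hashes(source), tree_hashes(restored)
    missing = sorted(set(src) - set(dst))
    changed = sorted(k for k in src.keys() & dst.keys() if src[k] != dst[k])
    return {"missing": missing, "changed": changed,
            "ok": not missing and not changed}


def demo():
    """Constructed sample: a restore that lost one file and holds a stale one."""
    files = {"payroll/2022-02.csv": b"id,amount\n1,100\n",
             "bids/job17.txt": b"estimate v3\n",
             "cad/plan.dwg": b"\x00constructed-bytes"}
    with tempfile.TemporaryDirectory() as tmp:
        live, restore = Path(tmp, "live"), Path(tmp, "restore")
        for name, data in files.items():
            for root in (live, restore):
                (root / name).parent.mkdir(parents=True, exist_ok=True)
                (root / name).write_bytes(data)
        (restore / "cad/plan.dwg").unlink()                        # skipped by backup
        (restore / "bids/job17.txt").write_bytes(b"estimate v2\n")  # stale copy
        return verify_restore(live, restore)


if __name__ == "__main__":
    print(demo())
```

Run verify_restore() against a restore made to a scratch location, never over the live data.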

These seven points are by no means a complete Cybersecurity solution; however, they are the most critical points that need to be addressed as soon as possible.

It is important to note that cyber-attacks in which foreign intelligence agencies are involved tend not to look like the traditional ransomware attacks we hear about in the news. The primary goal for Russian intelligence would be to be as disruptive to infrastructure as possible. They won’t take the time to lock out your data and ask for money. They will simply attempt to either kill your infrastructure, destroy your critical data, or plant dormant infections in your network for later activation and then quickly move on to the next target.

Their first goal, however, is disruption of the overall infrastructure of the United States. In this vein, it is important to note the following could be possible disruptions for your business:

  • Loss of internet via your Internet Service Provider due to attack on them.
  • Loss of electricity.
  • Loss of water and waste water availability.
  • Loss of traditional communication systems such as telephone lines.
  • Disruption of satellite services (TV, GPS, Communication etc.)
  • Disruption or outages of apps and services (e.g., airline/travel apps, credit card machines at local retail stores, video streaming services, financial/banking access etc.)
  • Disruption of local government services (paying bills, 911 call centers, traffic infrastructure etc.)

MCAA will continue to provide guidance to help safeguard your businesses and homes from cyber attacks.
