IT Tips & Tricks
Published 14 March 2022
How to Protect Your IT Fortress in the Wake of War
A boots-on-the-ground war inevitably leads to an increased risk of cyberattacks. This article contains some important tips to help CIOs and Network Admins prepare for the inevitable.
As the invasion of Ukraine continues, most of the world watches in outraged disbelief as images of war light up screens, small and large. Obviously, the toll it is taking on humanity is first and foremost. We in the IT industry also know that digital weaponry is coming into play, and even those not directly targeted may see collateral effects on networks and data far from Eastern Europe. In a cyber war, it’s the IT pros who are on the front lines.
The public outpouring of support for Ukraine is massive and the economic sanctions that various governments have imposed have resulted in Russia's stock market remaining closed as of 25 February.
These measures are intended to hamstring Russia’s access to various financial resources, including more than $600 billion in foreign currencies and gold — mostly on paper — the bulk of which is not held in Russia, but in banks around the world. Between sanctions by the US, European allies and a host of other countries, Russia now faces the all-but-impossible task of trying to retrieve that money or wage a war despite the inaccessibility of these funds. Unable to access funds if needed, where do you suppose the Russians could turn for the cash to help bankroll their war?
Which particular industry has had some financial success — whether sanctioned at Russian government level or not — in the last couple of years? If you’re thinking hackers and ransomware, you’re probably on the right trail. If you think the likelihood of increased Russian malware is a long shot or merely a rumor, here are the facts.
Sanctions at work: the Moscow Exchange, closed and silent.
Per Forbes, “Immediately after the conflict broke out, suspected Russian-sourced cyber-attacks were observed over a 48-hour period at an increase of over 800%. US cybersecurity agencies, the FBI, and the Department of Homeland Security have all shared high alerts covering threat levels, preparedness, and response. This is as critical as it can possibly get. Hostile cyber warfare is one of the primary tools of the modern global military today, and there is little doubt that this series of global events have been planned for some time. Historically speaking, nefarious state-sponsored cyber-activities have escalated when geopolitical tensions are high.”
Whether to raise funds or simply as a means of vengefully lashing out, the risk of malware emanating from Russia is currently a very real threat.
While ransomware may be the primary fundraising tool, disruption could also come in the form of denial-of-service (DoS) attacks, viruses, worms, Trojans, bots, spyware and more. One of the most common and effective tactics used by Russian state-sponsored advanced persistent threat (APT) actors, however, is the exploitation of known vulnerabilities to gain access to target networks. Per the Cybersecurity & Infrastructure Security Agency, products with vulnerabilities that have a history of exploitation include:
- FortiGate VPNs
- Cisco routers
- Oracle WebLogic Server
- Zimbra software
- Exim Simple Mail Transfer Protocol
- Pulse Secure
- Microsoft Exchange
- VMware (note: this was a zero-day at the time)
- F5 Big-IP
- Oracle WebLogic
For updates and further information on any of the above, feel free to visit the CISA site. Russian cyber operations may also specifically target operational technology (OT) or industrial control systems (ICS) networks with destructive malware. The Cybersecurity & Infrastructure Security Agency (link above) provides advisories and alerts with information on numerous cyber-intrusion campaigns.
“Once More Unto the Breach”
King Henry the Fifth spoke these words — penned by Shakespeare — to encourage his soldiers in battle. While they’re appropriate for the besieged Ukrainians, the sentiment can also be applied to IT departments and cybersecurity professionals around the world right now, when the threat of a data breach is a very real concern.
Updated information on known vulnerabilities is available on the CISA website.
The latest data breach report by IBM and the Ponemon Institute draws on almost 3,500 interviews covering 537 breaches across 17 countries and 17 industries. The purpose of the report is to help businesses reduce data breach costs by addressing cybersecurity risks and improving their overall security posture. The report factors in hundreds of cost considerations, such as legal and technical costs, loss of brand equity, customer turnover and the drain on employee productivity, amongst others. Interestingly, it also shows that the cost difference between a ransomware breach and a data breach is smaller than you might anticipate.
Cost of Data Breach: Top 13 Key Findings
- In 2021, the average cost of a data breach was $4.24 million, a ten percent increase from the 2020 findings.
- Where remote work was a factor, the average breach cost was $1.07 million higher. The most likely explanation for this is that it can take longer to identify the breach when there’s a high volume of remote employees. In businesses with 50 percent remote staffing, it took at least 58 days to identify and contain the data breach.
- The cost of a data breach is highest in the healthcare industry, with the average cost rising from $7.13 million in 2020 to $9.23 million in 2021.
- Up to 28 percent of the cost of a data breach comes from the cost of lost business due to system unavailability during a cyberattack.
- Personally Identifiable Information (PII) is one of the most common and most expensive types of data that is lost or stolen in a data breach, averaging about $180 per customer.
- Compromised credentials, such as business emails, are the most common attack vector. The top four vectors and their financial impact are:
  - Business email compromise: $5.01 million
  - Phishing: $4.65 million
  - Malicious insiders: $4.61 million
  - Social engineering: $4.47 million
There’s an excellent article here that discusses cybersecurity insurance, disaster recovery, battle-plan basics, and general security tips that align with point six above.
- Time is of the essence. The longer a breach remains undetected, the higher the financial impact. Data breaches identified and contained within 200 days cost an average of $3.61 million. Breaches that took over 200 days to identify and contain had an average price tag of $4.87 million.
- Mega breaches — breaches that involve 50 million records or more — cost 100 times more than the data breach average. In 2020, breaches involving 50 million to 65 million records cost $392 million. By 2021, that figure rose to $401 million.
- Zero trust architecture (ZTA) makes sense and cents. Companies that implemented zero-trust strategies paid an average of $3.28 million for a data breach. Companies with no ZTA paid a lot more: an average of $5.01 million.
- Security AI and automation controls help businesses detect and contain data breaches much faster, which ties in with point seven, above. In fact, implementing security AI and automation controls can reduce data breach costs by up to 80 percent.
- Data breaches in hybrid Cloud environments cost an average of $3.61 million, 23 percent less than breaches in public Cloud, private Cloud or on-premises environments.
- Organizations with a high degree of compliance failure paid, on average, $2.3 million more per data breach than fully compliant organizations.
- Ransomware breaches are only marginally more costly than a data breach: $4.62 million for ransomware as opposed to $4.24 million for a data breach.
The overall consensus is that when it comes to an undetected data breach, time is not on your side. The longer a breach remains undetected, the larger the amount of sensitive data the cybercriminals can exfiltrate. Obviously, the cost of delayed detection is further compounded by system outages that result in revenue and customer losses.
256-bit AES encryption and an incident response team are your best bet for reducing the cost of a data breach.
Reducing the Cost
Per the IBM and Ponemon Institute report, an organization is currently 31 percent more likely to experience a breach within the next two years than it was back in 2014. That’s without factoring in circumstances such as Russia’s current war against Ukraine and the economic cold-shoulder the Russians are getting from the West. But how can organizations reduce the cost of a data breach? Per the IBM report, there are four key factors:
- The use of encryption,
- Data loss prevention,
- Threat intelligence sharing, and
- DevSecOps (Development, Security and Operations).
Of these, encryption had by far the largest positive impact on reducing costs. Organizations relying on high-standard encryption (at least 256-bit AES) had an average breach cost of $3.62 million, while organizations using a low-standard encryption method — or no encryption at all — saw an average cost of $4.87 million. Interestingly, organizations that also followed a well-rehearsed incident response plan after a breach lowered costs by a further $1.83 million, bringing their average cost of a data breach down to $1.79 million. High-standard encryption and an incident response team with a detailed playbook could literally save your organization millions of dollars.
Cloud Choices for Future Security
The IBM report may have you reconsidering your Cloud options and seriously contemplating a hybrid Cloud environment. This may necessitate a data migration, another IT area fraught with difficulties. Per Gartner, 83 percent of data migrations either fail outright or exceed their allotted budgets and implementation schedules.
Data loss is almost a given since the migration process itself can create broken file links. As though the missing data isn’t bad enough, IT departments end up having to contend with downtime, disgruntled end-users, potential loss of revenue and disenchanted bosses, all of which can be avoided through the expedient use, before your migration, of LinkFixer Advanced™.
This first-of-its-kind software handles links in such a way that linked files remain connected upon completion of a migration, eliminating the resultant data loss. LinkFixer Advanced can also be deployed after your migration is already complete, restoring any missing data you may have due to broken links.
Rapid Response Ally
Perhaps the true beauty of LinkFixer Advanced lies in its astonishing speed. In the time it takes most IT professionals to find and fix a single broken link, LinkFixer Advanced can repair about 6,000 of them. That frees you up to focus on more important things.
For more information about LinkFixer Advanced, visit www.LinkTek.com or call 727-442-1822 to speak to a friendly Service Consultant about a live demo or a no-credit-card-required free trial. Ask them to tell you about the third way LinkFixer Advanced can be used.