We may not be at war with Russia with our soldiers on the ground, but Russia has amplified its cyber warfare against America. In a recent Cybersecurity & Infrastructure Security Agency alert, the government is warning businesses and other organizations to take steps to reduce their risk of getting compromised and having “severe business degradation.”
“We encourage all organizations – regardless of size – to take steps now to improve their cybersecurity and safeguard their critical assets,” said the federal Cybersecurity & Infrastructure Security Agency to USA Today in March.
Since the Russian invasion of Ukraine, Fitch Ratings says cyberattacks on businesses and government agencies in the U.S. have increased by 1,885%. That’s not a typo. Attacks have surged 21% against retailers, 152% against educational institutions and 755% against government and healthcare.
More news broke in late March that election officials in nine states received phishing emails designed to steal credentials. The emails contained links to websites that asked for personal login information. The coordinated attacks would have given bad actors “sustained and undetected access” to the election systems, according to the FBI. The law enforcement agency expects the targets will continue or increase leading up to this November’s midterm elections.
Last year, cybercrime cost the world $6 trillion. Experts believe it will cost $10.5 trillion annually by the year 2022. If you haven’t already, it’s time to prepare for the worst.
“Cybercrime can ruin a company’s reputation, steal its customer and proprietary data and raid them financially with a few keystrokes. With the shocking increase in attacks in the last few months, businesses need to do everything possible to protect themselves, not just mitigate the damage after an attack. We created Red Maple software Clever Division so businesses can start playing offense,” said Patrick Hodo, CTO of Red Maple.
Statistics show cyberattacks hit half of all small to medium businesses. Sixty percent of those companies go out of business within six months of a breach. Red Maple’s solution Clever Division helps prevent major financial loss and business disruption by using two-factor authentication to collect and confirm credit card numbers without ever entering the entire number to a single database. That means if hackers break in, they won’t find complete credit card information. Yet the two-factor authentication system is designed to still make it easy for customers to buy goods and services online, by phone, email, and text. Cyberthieves are less likely to target a company’s website and database if they know Clever Division has scrambled, separated, and secured its customers’ valuable credit card information.
Red Maple’s software also prevents internal theft because employees can’t write down or otherwise obtain customers’ full credit card information to use or sell at a later time. That’s important to know because organizations lose up to 5% of their revenue from employee fraud and occupational abuse every year, according to the Association of Certified Fraud Examiners. Even worse, fraud case statistics show 59% of ex-employees admitted to stealing a company’s sensitive information before they left the job. That’s simply not possible to do when businesses use Clever Division software that separates and secures data.
The government is warning that cybercriminals are also using the war in Ukraine to get rich by defrauding the average American, your customers, with more malware, phishing attacks and outright scams. Experts predict scammers will intensify their efforts the longer the crisis continues.
Intelligence Analyst Allan Liska at the Recorded Future told grid news that “Cybercriminals take advantage of whatever situation is out there and whatever situation is in the news.”
Playing offense and defense
With the war and looming elections, businesses and even consumers need to be on high alert at work and home. NST experts offer this advice to help prevent attacks:
- Limit employee access to your data and information.
- Install surge protectors and uninterruptible power supplies.
- Patch operating systems and software regularly.
- Install and activate software and hardware firewalls.
- Encrypt sensitive business information
- Train your employees to guard against security threats.
The U.S. Cybersecurity Advisory recommends organizations take these steps in the event of a cyberattack:
- Containment: Immediately isolate affected systems.
- Secure Backups: Ensure your backup data is offline and secure. If possible, scan your backup data with an antivirus program to ensure it is free of malware.
- Conduct an investigation: Collect and review relevant logs, data and artifacts to analyze the nature and scope of the threat actor activity within the environment.
- Remediation: Consider soliciting support from a specialized cybersecurity firm to ensure that any bad actor is eradicated from the network and avoid residual issues that could result in follow-on exploit attempts.
- Report incidents to applicable regulators and law enforcement.
Even with constant and increasing cyberattacks from Russia and elsewhere, businesses can protect themselves by putting the right systems in place and working quickly to mitigate the damage.