As the conflict in Ukraine drags on, some experts fear that the chance of cybersecurity-related incidents will only increase in the USA. Managed Service Providers (MSPs) are well-positioned as the guardians at the gate for many companies and should play a front-line role in defending clients against potential state-sponsored attacks.
The most significant vulnerability in preparing for state-sponsored attacks isn’t a missing patch or an inadequate firewall, although those need to be assessed. The weakest link, as is typically the case, is humans.
“The biggest weakness in defenses is complacency. An MSP in Nebraska thinks they are somehow immune because most of their clients are in the heartland and businesses far from the front lines, but they are not,” declares Michael Carter, an independent cybersecurity analyst based in Philadelphia. “In fact, if a company is in the heartland, they may become more of a target.”
“This MSP in Nebraska, for instance, may have a bunch of agri-business clients. The food supply is exactly the type of target that a state-sponsored attack might be drawn to. And even if the MSP’s clients are simply peripheral to agriculture, manufacturers that make shipping containers for grain companies would be considered a secondary supply chain point and vulnerable. All an attack has to do is disable a couple of key links in the supply chain, and it can all come crashing down,” warns Carter.
Cybersecurity steps to take for immediate action
The Center for Cybersecurity and Infrastructure Security, part of the Department of Homeland Security, issued a cybersecurity alert when the crisis in Ukraine first unfolded, advising these immediate cybersecurity steps:
- Enable multifactor authentication
- Set antivirus and antimalware programs to conduct regular scans
- Enable strong spam filters to prevent phishing emails from reaching end-users
- Update software
- Filter network traffic
“These are all common steps to follow at any time, but, again, complacency is the enemy,” Carter says.
Additional ways to defend against state-sponsored attacks
Carter outlined a few more recommended steps businesses can take to protect themselves, including:
Conflict-specific user training:
“This is among the cheapest weapons available during the current conflict. Again, people may think the war is far away, and they couldn’t be drawn into it, but someone in Memphis can fall for a phishing link and cause mayhem throughout the ecosystem,” Carter suggests.
Prepare for paper:
A state-sponsored attack aims to paralyze completely, and an MSP needs to be prepared for that. It seems almost absurd that in today’s era of IoT, AI, and 5G, we would even be having a conversation about paper and pens, but as Carter points out, it is an intelligent conversation to have.
“A state actor wants to shut as much down as possible and sow as much mayhem as possible,” he says.
Carter advises the most low-tech solution: paper. “Make sure you can operate the business using paper and pen if it came to it,” he urges.
That isn’t possible with every business, but there was life before connectivity, and a great backup plan to survive a total shutdown is to have the ability to go without being online for a limited period. “Having some old clunker computers that don’t connect but do compute can also be helpful in a total shut-down situation,” Carter continues.
Ultimately, the business must decide how, or whether, to operate if all the networks go down. While how a company runs in that sense is beyond the scope of a typical MSP, planning a seamless transition from connected to disconnected operation should involve all stakeholders.
Carter says some companies should consider removing social media from all desktops.
“Social media can be used in so many ways during attacks, and while they can have business value, depending on the enterprise, right now I am advising clients that it isn’t worth the risk. So, removing social is one step everyone can take,” Carter recommends.
As an MSP, if you are in the medical IT ecosystem, make sure you network and communicate with others in the same space. By learning about the threats and incidents that others in the same silo are facing, you’ll all be wiser and ready for them.
“If two medical clinics in your city have experienced attacks, then there is a pretty decent shot the clinic you provide IT services for is probably next. There is definitely inherent value in communicating with those in like spaces,” Carter says.
The FBI alert goes on to say:
“Executives and leaders are encouraged to review the advisory, assess their environment for atypical channels for malware delivery and/or propagation through their systems, implement common strategies, and ensure appropriate contingency planning and preparation in the event of a cyberattack.”
Carter says the keywords in the advisory are planning and preparation. “This is going to be different for every MSP and their customers but preparing now can save you and your customers a lot of grief later,” he concludes.