Reading time: 9 minutes
The United States is at an elevated risk for ongoing malicious cyberattacks from abroad. Will they increase in frequency and intensity? Only time will tell.
However, in the past seven years, we’ve had front row seats to several of Russia’s pre-meditated cyberattacks on the Ukraine’s virtual infrastructure. Some attacks are as recent as the one that took place on February 23, 2022. In this case, a “mass DDoS attack,” took out the Ukrainian government’s websites rendering them inaccessible. (DDoS stands for “distributed denial-of-service.”) This particular attack was the Ukraine’s second DDoS network disruption in eight days. The first DDoS attack impacted multiple government sites and several state-owned banks, including PrivatBank, and spam text messages were sent to Ukrainian citizens warning that ATMs were not going to work. The second DDoS strike compromised the country’s Ministry of Defense, Ministry of Internal Affairs, and multiple Ukrainian bank websites.
As spectators of these DDoS attacks, it can be easy to think that we’re safe, that we won’t be attacked. This couldn’t be further from the truth. In truth, these modern-day breaches are shedding light on our own nation’s cybervulnerabilities. They deliver clear warnings that we should all heed.
Now’s the time to learn everything you can to prevent similar attacks from harming your business and livelihood. Part of this is understanding the nature of the attacks and global forces that are driving them.
What kind of cyberattacks are we seeing?
“Ukraine has the unfortunate designation as being Russia’s test kitchen for some of their cyber tools,” according to Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). This provides Russia the access to effectively try out and refine their cyber weapons, prior to unleashing their 2.0 and 3.0 versions on multitudes of innocent victims.
For example, the Russians took down the Ukrainian electrical grid twice, both in 2015 and 2016. Then, in June of 2017, the Russian military launched the most destructive cyberattack in history, known as the NotPetya attack.
In this instance, the Russians unleashed sophisticated ransomware on multiple Ukrainian government institutions as well as global companies that officed within Ukraine’s borders. More recently, February 2022 (and as previously mentioned), Ukraine fell victim to a series of Russian denial of service attacks. One of them was named the HermeticWiper, a deadly data-destroying malware virus. This virus was so lethal, that it infected Lithuania and Latvia’s network connections in the blink of an eye.
Unfortunately, the United States isn’t immune from state-sponsored Russian cyberattacks. For instance, in 2016, the 2016 presidential election fell victim to cyber manipulation, used as a geopolitical weapon. A few years later, Russian intelligence implemented the SolarWinds malware attack on U.S. soil. Over 100 U.S. government agencies and private companies’ confidential data was compromised in this incident. These previous attacks strongly suggest that these types of cyber-attacks are here to stay.
How can they hurt your business?
The U.S. and its NATO partners have delivered severe economic sanctions to reign in Russian aggression like never before. While this may be an efficient deterrent for further mass destruction on the Ukraine, the sanctions won’t deter cybercrimes. In fact, they may end up inadvertently accelerating cyber-attacks as the impacts on Russia’s revenue streams become more acutely felt.
Despite the geopolitical situation, our nation’s banking and financial institutions are always at risk of being attacked. Think back to the severe supply chain challenges in 2022. The key takeaway for banks is that securing your customers’ confidential information and remaining in regulatory compliance has never been more important. The risk and the stakes of a breach for your company are higher than ever before. Ongoing vigilance and investment in a cybersecurity program is crucial.
Why do you need to know about this?
If your company doesn’t have the proper safeguards in place, you’ll remain at a high level of risk of cyber-attacks. The most important thing to remember is that cybersecurity is no longer about just using the right tactics, you must also use the appropriate strategies to ensure comprehensive, multi-layered protection. At the end of the day, it doesn’t matter how sophisticated your anti-virus protection is, or how cyber aware you are, you will need more complex and extensive coverage.
Remember, cyber criminals only need to find one vulnerability in your network to infect your entire system. You may not even realize when/if you inadvertently leave the door open for them. Unfortunately, just one tiny error can lead to a white avalanche of unpleasant issues. The truth is that once it’s infected, you have two options: pay the ransom or lose your data and reputation. NO business owner wants to be forced to choose between those two options. It’s a lose-lose situation.
How can Cooperative Systems help protect your business?
We’re cybersecurity experts and know how to keep you protected today and well into the future. We’ve invested the time and money in developing the right tools and strategies to protect your company from malicious actors and cyber-attacks. We’ll secure your infrastructure and IT systems so that you have peace of mind.
If you’re a small to medium sized business owner, you’ll get the most current and inclusive expertise by working with a Managed IT Services provider (MSP). Yet not all MSPs are created equal. It’s easy to think that companies with extensive expertise in technology must also understand cybersecurity. Nothing could be further from the truth. Even though technology and cybersecurity go hand in hand, becoming an expert in cybersecurity requires extra time, investment and dedication.
At Coopertive Systems, we go the extra mile when it comes to cybersecurity.
We prioritize additional cybersecurity training and certifications for our company and team. For example, we sought out and completed multiple Security+ global certifications. This certification requires companies to demonstrate the following industry-based knowledge and practical skillsets: CompTIA Security+ global certifications. This certification requires companies to demonstrate the following industry-based knowledge and practical skillsets:
- A foundational understanding of cyberattacks, threats, vulnerabilities, and incident response scenarios
- An expanded knowledge of governance risk and federal compliance regulations
- A comprehensive intelligence on the latest cybersecurity trends and techniques
- Extensive effective problem-solving methods across a wide virtual landscape
The CompTIA Managed Services Trustmark is awarded to an MSP provider who delivers a complete managed services agreement. This essential security element consists of delivering expertise on the following subject matters:
- Standard operating procedures
- Best practices
- Proper systems and tools for delivering services
The CompTIA Security Trustmark+ is awarded to an MSP provider who demonstrates compliance with key industry regulations. (The International Organization for Standards (ISO) maps onto the NIST Cybersecurity Framework and is reflected in elements of the COMP TIA Security.) These compliances include the:
- Payment Card Industry Data Security Standard (PCI-DSS)
- Statement of Standards for Attestation Engagements No. 16 (SSAE-16)
- Health Insurance Portability and Accountability (HIPAA)
- Other regulations that rely on the National Institute of Standards and Technology (NIST) Framework
If you’re interested in protecting your company from the next round of cyber-attacks, click here to learn more.