The shattering events in Ukraine rivet the world’s attention, but while the military and human damage dominates the headlines, U.S.-based business owners and individuals should focus on the potential cyber-risk to their own operations.
As Vladimir Putin’s forces strike out against his adversaries, “there is not just a high likelihood, but a certainty of greater cyber activity, including targeting private sector actors,” P.W. Singer, a senior fellow at New America specializing in 21st century warfare, said in an interview, according to a February report by the U.S. Naval Postgraduate School.
At a time like this, when even smaller businesses are at a higher risk of attack from state-backed actors, most business owners are not aware of the need to bring the security of their systems up to the next level with SIEM (Security Information and Event Management) and automated response. And even entrepreneurs who have kept up with best practices often do not know that prices for these kinds of robust programs are now within reach of many companies, even small ones.
A SIEM deployment can enable a business to take a proactive defense stance, instead of a reactive one — it’s a kind of distant early warning system that can mean the difference between safeguarding mission-critical data files before an attack or taking on the expensive and time-draining task of trying to unlock and re-build them after they have been compromised by cybercriminals.
One recent case started when we received a call from a worried business owner — who at the time was not a client — notifying us that her Facebook account had been compromised. We advised her that a complete, multilevel Security Operations Center response was warranted, since an attack on an entrepreneur’s social media account typically represents the opening salvo in a broader offensive.
Sophisticated bad actors may deploy “bots” — software programs that perform automated, repetitive tasks — that scour social media for certain keywords like CEO, president, owner and others that signify executive-level responsibility. When they latch on to these terms, they unleash other bots that access the Dark Web for passwords associated with the individual and will then run the passwords against the target’s email and other accounts in a bid to gain access.
Once they get a foothold in, say, an email account, the cybercriminals may impersonate the accountholder and email infected files to the account’s contacts, to infect a larger universe and spread ransomware and other malicious files.
This is where a high-level SIEM program can be critical. By continuously reviewing device and application logs — detailed records of important hardware and software actions that are generated and stored by Windows and by certain dedicated APIs (Application Programming Interfaces) that connect computer networks and programs to each other — on a real-time basis, a SIEM will flag suspicious activity and can, if enabled, launch immediate responses designed to shield the system.
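The attack chain described above (repeated password attempts against an executive’s account, then a successful login) leaves a recognizable trace in logon logs, and a SIEM rule is essentially a small program that scans those logs for such patterns and triggers a response. The following added example is not code from the article or from eMazzanti; it is a simplified SIEM-style detector over constructed, Windows-style logon events (4625 = failed logon, 4624 = successful logon, in a made-up compact text form), which flags a success preceded by a burst of failures from the same source and maps each alert to hypothetical containment actions. The threshold, window, IP addresses, account names and action names are all assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (not from the article). Simplified form:
# "<timestamp> <event_id> <account> <source_ip>", where 4625 is a failed
# logon and 4624 a successful one, mirroring Windows Security event IDs.
SAMPLE_LOGS = """\
2022-03-01T09:00:01 4625 ceo@example.test 203.0.113.7
2022-03-01T09:00:03 4625 ceo@example.test 203.0.113.7
2022-03-01T09:00:05 4625 ceo@example.test 203.0.113.7
2022-03-01T09:00:08 4625 ceo@example.test 203.0.113.7
2022-03-01T09:00:09 4625 ceo@example.test 203.0.113.7
2022-03-01T09:00:12 4624 ceo@example.test 203.0.113.7
2022-03-01T09:01:00 4624 staff1@example.test 192.0.2.10
2022-03-01T09:02:00 4625 staff2@example.test 192.0.2.11
2022-03-01T09:03:00 4624 staff2@example.test 192.0.2.11
"""

# Assumed tuning values: a real deployment would set these per environment.
FAILURE_THRESHOLD = 4          # failures before a success becomes suspicious
WINDOW = timedelta(minutes=5)  # how far back failures are counted


@dataclass
class LogonEvent:
    ts: datetime
    event_id: int
    user: str
    source: str


def parse_logs(text):
    """Parse the constructed log format into LogonEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, source = line.split()
        events.append(LogonEvent(datetime.fromisoformat(ts), int(event_id), user, source))
    return events


def detect_credential_stuffing(events):
    """Alert when a (user, source) pair logs in successfully after at least
    FAILURE_THRESHOLD failures from that source inside WINDOW."""
    recent_failures = defaultdict(list)  # (user, source) -> failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.user, ev.source)
        # Keep only failures still inside the sliding window.
        recent_failures[key] = [t for t in recent_failures[key] if ev.ts - t <= WINDOW]
        if ev.event_id == 4625:
            recent_failures[key].append(ev.ts)
        elif ev.event_id == 4624:
            n = len(recent_failures[key])
            if n >= FAILURE_THRESHOLD:
                alerts.append({"user": ev.user, "source": ev.source,
                               "failures": n, "at": ev.ts})
            recent_failures[key].clear()  # a success resets the counter
    return alerts


def plan_response(alerts):
    """Map each alert to the containment steps an automated-response layer
    would take. Action names are hypothetical; a real system would call the
    firewall and identity-provider APIs here."""
    actions = []
    for a in alerts:
        actions.append(("block_source", a["source"]))
        actions.append(("force_password_reset_and_mfa", a["user"]))
        actions.append(("notify_soc",
                        f"{a['user']} logged in from {a['source']} "
                        f"after {a['failures']} failures"))
    return actions


def run(text=SAMPLE_LOGS):
    """Detect suspicious logins in the given log text and plan responses."""
    alerts = detect_credential_stuffing(parse_logs(text))
    return alerts, plan_response(alerts)


if __name__ == "__main__":
    found_alerts, planned_actions = run()
    for a in found_alerts:
        print("ALERT", a)
    for act in planned_actions:
        print("ACTION", act)
```

On the sample data the executive account produces one alert (five failures followed by a success from the same address within the window), while the single failed attempt against the second staff account does not. The detector deliberately requires the eventual success, which is what distinguishes a successful credential attack from ordinary mistyped passwords; a production rule would usually add a second, lower-confidence alert for sustained failures alone so that probing is visible before it succeeds.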
A SIEM-response package is part of the “triangle” that makes up a must-have, robust cybersecurity approach. The first “leg” involves preventative controls, which almost everyone has: keeping up to date on software patches, a good antivirus program, an effective firewall, and multifactor authentication (MFA — users must provide additional identity verification, like scanning a fingerprint or entering a code received by phone, before they are granted access to an account or an app). Think of these as “passive” defenses, like a digital “No Trespassing” or other warning signs, or a security camera.
A stand-alone SIEM system is the second leg. It is still somewhat passive in nature, since log analyses alone serve as warnings, but this “middle” function can at least alert users that they’re being probed by hackers or other cybercriminals. At one time, only large businesses could afford SIEMs, but recent advances have brought the price down to the point where they can be included in an affordable security package for mid-size and even smaller companies.
The third “leg” is made up of two components. One is an integrated, automated cyber-response package that kicks defenses up to the highest level by not only monitoring devices and systems and alerting users, but also launching real-time responses that may eliminate or mitigate a hacker’s damage. The other is a robust backup — preferably shielded from the rest of the system in case of infection — that can serve as a kind of fail-safe.
Most business owners simply want to run and grow their enterprise and service customers — they did not sign up to be warriors in a digital battlefield. But as we have seen from past mass-hacking events, companies no longer have the option of maintaining a Swiss-like neutrality. Like it or not, bad actors see all of us as legitimate targets. And as the global situation heats up, it is only likely to continue to get worse.
Carl Mazzanti is president of eMazzanti Technologies in Hoboken.