{"id":18664,"date":"2022-04-04T08:30:12","date_gmt":"2022-04-04T16:30:12","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/04\/04\/news-12397\/"},"modified":"2022-04-04T08:30:12","modified_gmt":"2022-04-04T16:30:12","slug":"news-12397","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/04\/news-12397\/","title":{"rendered":"The Russian cyberattack threat might force a new IT stance"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/04\/security_system_alert_warning_cyberattack_tracking_threats_by_matejmo_gettyimages-875326288_2400x1600-100838198-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Evan Schuman| Date: Mon, 04 Apr 2022 09:20:00 -0700<\/strong><\/p>\n<p>There\u2019s a lot of fear of possible Russian cyberattacks stemming from Russia\u2019s attempted takeover of Ukraine. Perhaps the biggest worry \u2014and quite possibly the most likely to materialize \u2014 is that these cyberattacks will likely be finely tuned as retaliation for US financial moves against the Russian economy.\u00a0<\/p>\n<p>The cyberattacks would be designed not to steal money or data per se, but to harm the US economy by strategically hitting major players in key verticals. In other words, the Russian government might say, \u201cYou hurt our economy and our people? 
We\u2019ll do the same to you.\u201d<\/p>\n<p>Thus far, there\u2019s no evidence of any large-scale attack, but one could be launched at any time.\u00a0<\/p>\n<p>Brad Smith, a managing director for consulting firm Edgile, argues that enterprise IT and security executives need to change their thinking during the ongoing war.\u00a0<\/p>\n<p>\u201cThe timeframes and the criticality of the investments that organizations need to make around the defense of their attack surface need to be altered and looked at through a different lens and a different perspective,\u201d Smith said.<\/p>\n<p>Waiting to invest in stronger security until attacks are already visible is too late. \u201cThe threat now is an existential one,\u201d he said. \u201cThe nature of what you\u2019re trying to protect yourself against has fundamentally changed, so your behavior has to change as a result.\u201d<\/p>\n<p>It\u2019s also critical to remember, Smith said, that the attackers\u2019 goals are different than usual. \u201cThe threat is coming from organizations that are not interested in taking your information or leaving your systems alive afterwards,\u201d Smith said. \u201cThey are simply trying to do as much damage as possible in order to disrupt businesses and thereby disrupt the American economy.\u201d<\/p>\n<p>This does raise the question of why more visible attacks have yet to materialize. Have the attacks already happened, planting digital timebombs in selected targets to go off either at a predetermined day\/time or at the instant a trigger command is issued? 
That would have the dramatic result of everything detonating at once.<\/p>\n<p>Various US government agencies have warned of imminent attacks, but the very few specifics they have offered generally amount to, \u201cDo what every enterprise CISO knows they should have done years ago.\u201d\u00a0<\/p>\n<p>One of the better warnings came <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-083a\" rel=\"noopener nofollow\" target=\"_blank\">March 24 from the U.S. Cybersecurity &amp; Infrastructure Security Agency <\/a>(CISA). After listing a variety of blindingly obvious suggestions \u2014 \u201cSet and enforce secure password policies for accounts.\u201d Really? Who would have never thought of doing that? \u2014 CISA encourages far more implementations of VLANs (especially for networked printers and similar devices) as well as one-way communication diodes.\u00a0<\/p>\n<p>CISA also offers a general thought that needed to be far more specific: \u201cEnforce multifactor authentication (MFA) by requiring users to provide two or more pieces of information (such as username and password plus a token, e.g., a physical smart card or token generator) to authenticate to a system.\u201d\u00a0<\/p>\n<p>First, in 2022, CISA should be actively discouraging passwords entirely. Enterprise passwords should have died out years ago. Secondly, some MFA approaches are far more secure than others. (I won\u2019t rant again about the worst MFA approach of sending unencrypted text via SMS; that is nothing more than terrible cybersecurity masquerading as decent cybersecurity.) 
How about encouraging mobile app authenticator approaches, which are low cost and easily accessible?\u00a0<\/p>\n<p>What CISA didn\u2019t say, and what Smith strongly implied, is that CISOs and CIOs need to take a war footing and change their thinking about end-user friction.<\/p>\n<p>Today, IT, security, and line-of-business executives are terrified of making their users jump through too many authentication hoops, albeit for very different reasons. The line-of-business executives are worried about anything that could slow down efficiency, while CISOs are more worried about end-users getting frustrated and doing end-runs around the protections.<\/p>\n<p>But now it\u2019s time to up authentication strictness and allow end-user friction to rise. After all, the attack goal is not to steal customer data as much as it is to shut down operations. Think about hospitals and power plants and other high-value targets. Those attacks could easily kill people. Against that kind of threat, does a few minutes of inconvenience really matter?<\/p>\n<p>That all said, there is an operational problem here. What if the attacks don\u2019t come for months? Or worse, what if they come and we never know when they are completed? Are enterprises expected to maintain a war footing forever?<\/p>\n<p>That is not a question easily answered. On the one hand, cyberthieves of non-war kinds are always going to be here and their attacks are going to continuously get more sophisticated. Wouldn\u2019t that suggest that a war footing <i>should<\/i> be permanent?\u00a0<\/p>\n<p>Also, non-friction doesn\u2019t have to mean weak authentication or weak cybersecurity. Consider behavioral analytics and continuous authentication. It\u2019s not new security as much as a new way of thinking about security. 
And during a war, new ways of thinking could be what fends off successful attacks.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3655972\/the-russian-cyberattack-threat-might-force-a-new-it-stance.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/04\/security_system_alert_warning_cyberattack_tracking_threats_by_matejmo_gettyimages-875326288_2400x1600-100838198-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Evan Schuman| Date: Mon, 04 Apr 2022 09:20:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>There\u2019s a lot of fear of possible Russian cyberattacks stemming from Russia\u2019s attempted takeover of Ukraine. Perhaps the biggest worry \u2014and quite possibly the most likely to materialize \u2014 is that these cyberattacks will likely be finely tuned as retaliation for US financial moves against the Russian economy.\u00a0<\/p>\n<p>The cyberattacks would be designed not to steal money or data per se, but to harm the US economy by strategically hitting major players in key verticals. In other words, the Russian government might say, \u201cYou hurt our economy and our people? 
We\u2019ll do the same to you.\u201d<\/p>\n<p>Thus far, there\u2019s no evidence of any large-scale attack, but one could be launched at any time.\u00a0<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3655972\/the-russian-cyberattack-threat-might-force-a-new-it-stance.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714],"class_list":["post-18664","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18664"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18664\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18664"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}