Feds Warn U.S. Employers About Russian Cyberattacks

Roy Maurer By Roy Maurer February 28, 2022
LIKE SAVE
cybersecurity symbol

​The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is alerting the business community about potential cyberattacks from Russia after its invasion of neighboring Ukraine.

CISA stated that businesses should be prepared to defend against cyberattacks originating from Russia. Malicious cyber activities such as denial of service and malware attacks have already been reported in Ukraine and other countries in the region.

"Every organization in the U.S. is at risk from cyber threats that can disrupt essential services," said Jen Easterly, director of CISA. "While there are no specific credible threats to the U.S. homeland at this time, we are mindful of the potential for Russia to consider escalating its destabilizing actions in ways that may affect our critical infrastructure. All organizations must adopt a heightened posture of vigilance."

The agency asks employers to reduce the likelihood of damage, take steps to detect an attack, ensure the organization is prepared to respond and build up resilience.

Recommended actions include:

  • Validating that all remote access to the organization's network requires multifactor authentication.
  • Ensuring that software is up-to-date.
  • Confirming that all ports and protocols that are not essential have been disabled.
  • Ensuring that cybersecurity and IT staff are focused on identifying and quickly assessing any unexpected or unusual network behavior.
  • Confirming that the organization's network is protected by antivirus/antimalware software.
  • Designating a crisis-response team with main points of contact for a suspected cybersecurity incident.
  • Testing backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or other destructive cyberattack.

CISA specifically urged CEOs to conduct worst-case scenario planning, empower chief information security officers in the decision-making process for risk to the company, and lower cyberattack reporting thresholds to the U.S. government to ensure the agency can immediately identify an issue and help protect against further attack.

The agency also suggested that businesses sign up for free cyber hygiene services, which includes vulnerability and application scanning and remote penetration testing. CISA will also help employers determine how prepared their staff is to recognize phishing attacks and their level of security awareness.

How can you help?
The International Committee of the Red Cross remains active in Ukraine, saving and protecting the lives of victims of armed conflict and violence. Its neutral and impartial humanitarian action supports the most vulnerable people, and your donation will make a huge difference to families in need right now. Donate here.

LIKE SAVE

SHRM HR JOBS

Hire the best HR talent or advance your own career.

Are you a department of one?

Expand your toolbox with the tools and techniques needed to fix your organization’s unique needs.

Expand your toolbox with the tools and techniques needed to fix your organization’s unique needs.

REGISTER NOW

SPONSOR OFFERS

HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.