With the Russian invasion in Ukraine continuing to lead the daily news and as sanctions by the United States against Russia escalate, acts of cyberterrorism against businesses in this country are highly likely. In fact, in a statement issued to the nation on March 21, President Biden called this “a critical moment to accelerate our work to improve domestic cybersecurity.”
In light of this potential threat, the Department of Homeland Security has issued Shields Up guidance from the Cybersecurity & Infrastructure Security Agency for all organizations – regardless of size – to adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. This comprehensive guide provides recommended actions for organizations and corporate leaders, a ransomware response checklist and steps that individuals can take to protect themselves and their families.
The time for hypervigilance is now. Ransomware is becoming increasingly sophisticated and can cost companies millions of dollars in a matter of mere minutes; data breaches can impact millions of consumers or compromise years of research; and banking fraud enabled by these attacks diverts millions of dollars. As such, businesses should ramp up testing and assessment of their cybersecurity programs and protocols to help secure their systems.
There are several basic protection steps that can be taken, including installation of internal firewalls (in addition to the standard external firewall) and setting up of Endpoint Detection and Response software in your organization’s network and on all devices used by employees.
Back up data regularly, including word processing documents, spreadsheets, databases, financial files and data stored in the cloud. Implement multi-factor authentication on accounts and entry points, update software and applications on all devices and always think before you click – regardless of the amount of anti-malware you have installed.
Don’t overlook the significance of using long passwords (greater than 14 characters) that include a mix of upper and lowercase letters, numbers and symbols. Make sure all employees with access to the company network are trained on cybersecurity practices and your organization’s security policy, and review and update your security policies regularly.
Stop, Think, Act
Despite the implementation of cyberattack prevention practices, cyber criminals can and will find a way to do damage. Consider these three response steps in the unfortunate event of a cyberattack – be it phishing, malware, or ransomware:
Stop, think and act
First, determine what happened or what is happening and what you must do to lock down your systems to stop the attack from spreading, then notify your legal counsel, insurance carrier and the proper authorities. Cease any financial transactions until they are validated and you are confident they are secure. Then, quickly inventory all resources and organize your response team.
Next, assess the nature and impact of the attack to determine its full scope and the extent of what was taken, damaged, or compromised. Take time to affirm that your actions do not compromise forensic evidence or the ability to fully investigate the compromise. Once comfortable with the actions you are taking, attempt to determine the motivation for the cyberattack – money, trade secrets, reputation, etc.
Now, it’s time for action. Establish your response and corporate level of risk tolerance (e.g., in a ransomware attack, whether to pay the ransom or risk stolen information being posted on the dark web), then deploy lockdown and risk mitigation processes. At this point, you should develop a communication strategy that includes internal personnel, clients and the general market. Lastly, conduct a full forensic analysis of how the attack happened and why.
Organizations must focus on every aspect of cybersecurity to help protect their business and avoid becoming a victim. From creating processes to utilizing high-end technology and educating employees about the dangers of “random clicking” – every one of these boxes must be checked to build a cybersecurity program that can help protect your organization.
David Sun is a principal at CliftonLarsonAllen LLP and national leader for its cyber incident response and forensics practice.