Cybersecurity in Uncertain Times
In our global, digitally-connected world, when a bomb falls anywhere we feel that impact close to home. Because we are so connected, cyber warfare is a very real threat and concern. Cybercriminals, terrorists, and nation-states are vying to disrupt and gain leverage, and as digitally-connected citizens, we are all fair game. This is a major reason why TAO has put so much emphasis on cybersecurity. We have curated a community of experts that can help provide some perspective.
From our Cybersecurity Community Co-Chairs:
My heart goes out to all of the people impacted by the events in the Ukraine especially the children who are undoubtedly scared. As the cyberattacks on their infrastructure continue, Ukrainian SBU Cybersecurity Directorate is being put to the ultimate test. This has a global impact. How can you mitigate your personal risk? Start with basic cyber hygiene:
- Use unique strong passwords
- Implement multi-factor authentication
- Watch for phishing attacks and know what to do if they happen
- Spread the word to your neighbors, friends, co-workers
- Ensure you are following a patch management process for home and office devices.
Leave battling the Nation States and ransomware groups to the experts.
Traci Esteve, Co-Chair TAO Cybersecurity Community
The general consensus amongst the intelligence and cybersecurity community is to expect an increase in attacks globally as conflict escalates with Russia. Additionally, unrelated bad actors will likely seize the opportunity to act while the world is distracted. It’s easy to say we should “be more alert”, but in cyber security, we deal with managing risk. There are various methods of calculating risk but they generally take into account threats, vulnerabilities, possibilities of occurrence, target value, and impact. The current geopolitical climate has impacted every portion of this calculation and cybersecurity practitioners and organizations should “re-run the numbers”. The residual risk that may have previously been acceptable may no longer be acceptable, behaviors, controls, and services may need to be adjusted to bring your risk profile back into an acceptable range.
Traci offers great advice on passwords, MFA, and Phishing. I’ll add making sure your devices are patched. Don’t let bad actors amplify their attacks with botnets powered by consumer goods and IOT devices.
Dominic Perez, Co-Chair TAO Cybersecurity Community
- NIST National Vulnerability Database (https://nvd.nist.gov/) for cybersecurity professionals.
- Ars Technica (https://arstechnica.com/) this is general tech and science news and serves as a bit of a middle ground between the very security-focused sites and general media. If you see it here then it’s a big deal and chances are it will be on CNN in a day or two.
- The Security Now podcast is also a good resource. (https://twit.tv/shows/security-now) Due to the format, it’s not always timely but they generally cover major exploits and trends.
- Cyware offers a number of “threat briefings” some paid and some free resources. (https://cyware.com/weekly-threat-briefing)
- A lot of security discussion happens on other forums that may not be “work safe” or suitable for all audiences. Reddit, The Hacker News, Slashdot.
- Another Authoritative Source to learn more (https://www.thecipherbrief.com/)
- If you are interested in supporting. We encourage donating to a trusted source such as the Red Cross or World Health Organization.
- The New York Department of Financial Services has issued the following: https://www.dfs.ny.gov/industry_guidance/industry_letters/il20220225_ukraine_escalation_impact_financial
It is our responsibility as a community to work together in challenging times. We will get through this moment. If you have the bandwidth please share any best practices with us and our community.
The TAO Team