As Russia continues to strike Ukrainian cities, the U.S. Government is encouraging organizations of all sizes to be prepared to respond to disruptive cyber activity.
The Cybersecurity and Infrastructure Security Agency has announced a
Shields Up campaign, to raise awareness of Russian hacking as tensions around Ukraine escalate. Shield Ups' goal is to provide
resources to businesses to ward off cyberattacks.
“While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies.”
While the primary concern is to protect vital infrastructure from attacks, the guidance provided by CISA Shield Up is still relevant for private businesses as well. Cyberattacks by threat actors are on the rise, and despite the resources available to them, cybercriminals often rely on the most simple of strategies to steal or guess passwords to access victims' accounts. Spear-phishing, social engineering, and
phishing toolkits are also among some of the most utilized tools for state-sponsored cyberattacks.
It is no surprise that CISA’s Shield Up Campaign’s first recommendation is focused on MFA. “Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication” is the guidance to reduce the likelihood of a damaging cyber intrusion.
Enabling MFA is not just a recommendation for businesses; Shield Up also suggests that individuals implement MFA as one simple step towards improving their cyber hygiene.
“A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, or best yet, a FIDO key, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you. Multi-factor authentication can make you 99% less likely to get hacked. So enable multi-factor authentication on your email, social media, online shopping, financial services accounts. And don’t forget your gaming and streaming entertainment services!” -CIAS, Shield Up Program
While implementing multi-factor authentication may seem like a common-sense best practice, according to
Cyber Signals, only 22% of customers using Microsoft Azure Active Directory (Azure AD) have implemented strong identity authentication protection. 83 million attacks were recorded between November 26 and December 31, 2021, showing that there is a clear and daunting difference in the scale of identity-focused attacks and general preparedness to defend against such attacks.