What the Russian Indictment teaches us about cybersecurity.

Aside from the sensationalism of alleged espionage by a foreign power, the cybercrime accusations listed in the Mueller investigation’s indictment document should be a warning to businesses everywhere. It’s an object lesson in “this could happen to you” cybersecurity. Russian cyberwarfare notwithstanding, nation-state attacks on US entities are common. The US CERT site has a running list of North Korean “malicious cyber activity” to prove it.

It’s rare that the general public gets to see the “how” of a cybersecurity breach. Organizations typically stick to generalities when they own up to data breaches. Notice that the cyber-attackers used every tool at their disposal to locate and exploit vulnerabilities at the Democratic National Committee and Clinton campaign: spear phishing to steal passwords and gain network access, spoofed security notifications and email accounts, hacking tools and malware. This single-minded cyber-attack is a prime example of how things really play out when hackers want to get in your back door.

Every organization needs to take the cautionary message to heart. To mitigate the risk of a data breach recurring, you need to know not only what happened, but also how and why it did. Think about it. What if you’re a healthcare provider? People’s lives are at stake.

3 Fundamental Tips for Risk Mitigation

  1. Implement perimeter controls to detect breaches and other cyberattacks such as ransomware. Without them, how will you know a phishing attack has occurred, or that a system takeover is under way? Use appropriate technical perimeter controls to detect an attack early on so you can take immediate action.
  2. Launch system redundancy while you resolve the breach or security incident. You need to take the system down to root out every instance of malware, which means business continuity measures come into play. If you can launch your backup, business operations can continue with only a small blip.
  3. Engage computer forensic experts to get an image of the drives before you remediate. Sure, you can wipe the drives as part of eliminating ransomware, but then you have no way to find out how it happened or why.

The above tips make the assumption that you have the basics in place, like security incident response and business continuity plans (which go hand-in-hand, by the way). If you don’t have functioning fundamentals, the ensuing scramble after a data breach or cybersecurity incident starts to look like that classic vaudeville sketch “Who’s on first?”

Chris Apgar, CISSP, is a nationally recognized expert and educational instructor on information security and privacy, as well as a frequent instructor, panelist and panel facilitator for leading national industry groups in healthcare, compliance and security.