The war on Ukraine is a global crisis that cannot be ignored. The armed fighting may be hundreds or thousands of miles away for many of us, but the digital warfare against Ukraine and its supporters is global. There are growing concerns about a proliferation of cyber attacks directly targeting Canadian organizations.
What Kind of Attacks are Coming?
It is anticipated that we will see the below types of attacks:
- Ransomware – financial sanctions against Russia makes cryptocurrency more appealing than ever.
- Phishing campaigns that pose as charities or aid organizations helping Ukraine.
- DDos – overwhelming a target website with fake traffic to take them offline.
- Website defacement – hackers gain access to websites and take control of it to spread hateful messaging and content.
- Privilege escalation – exploiting a known bug or system flaw to gain elevated systems permissions.
- Zero-Day vulnerability – hacking a newly discovered vulnerability in a system or device that is not yet patched.
What can you do about it?
We have not experienced times like these where attacks can be initiated at lighting speeds against our financial systems, and infrastructure systems. It is imperative that you implement cybersecurity best practices to help defend your organization against attacks.
Some cybersecurity best practices include:
- Take cybersecurity training
- Do not visit obscure or niche websites you have not accessed before,
- Do not click unknown hyperlinks or open attachments from unfamiliar email addresses,
- Leverage two-factor (also known as multi-factor) authentication services to secure your accounts in the event of a password breach,
- Sanitize your passwords, and ensure you are using unique and complex passwords for your various personal and work-related accounts,
- Avoid unsecured and unprotected public Wi-Fi when possible,
- Ensure your computer is up-to-date with the latest patches from Microsoft, your business applications and other software.
As a best practices guide, the Canadian Government has published a ‘Baseline Cyber Security Controls for Small and Medium Organizations’ document. It is an extensive document that contains 13 foundational activities for businesses to secure their IT network and environments.
Talk to us! We are in this together. If you have any questions, concerns, or would like guidance on mitigating risk for your organization, please contact us.