If Russia lashes out at the United States over Ukraine-related sanctions by mounting aggressive cyberattacks, the most likely targets would be the financial sector, defense contractors, and unsuspecting but vulnerable small businesses, cybersecurity experts say.
President Joe Biden warned Monday of significant Russian cyberattacks against the U.S., calling for American companies to be on high alert due to new intelligence concerning the Russian government’s alleged digital attack plans. Biden urged companies to “harden your cyber defenses immediately.”
FULL COVERAGE OF THE WAR IN UKRAINE FROM WASHINGTON EXAMINER
“Putin’s back is against the wall. … The more his back is against the wall, the greater severity of the tactics he may employ,” Biden added.
Cybersecurity experts say they’ve seen an increase in Russian state actors scanning the internet for vulnerable American websites to target, and they expect actual attacks to increase in the coming week.
“All sorts of American entities have been under scrutiny from Russia — from state, local, and federal governments to various companies — and there will be an uptick in cyberattacks in the next few weeks,” said Justin Reilly, CEO of Impero Software, a cybersecurity company that works with many Fortune 100 companies and multiple American banks.
“Russians will likely first go after the financial industry and defense-related companies but also small and medium businesses that don’t think they are important enough to attack and therefore are also more vulnerable in terms of their lack of security preparedness,” he added.
IT’S COMING: BIDEN WARNS OF RUSSIAN CYBERATTACKS ON US AMID UKRAINE WAR
Large-scale attacks on U.S. critical infrastructure, including electrical grids and gas pipelines, are unlikely, cybersecurity experts say, because they require months of complicated planning and execution. But taking down individual websites and organizations is feasible in a short period of time without high expertise.
“It’s correct to ring the alarm bells but also important not to panic or overstate the threat and instead prod ourselves and have better cybersecurity as a nation due to this horrific situation,” said Glenn Gerstell, former general counsel for the National Security Agency and now a senior adviser at the Center for Strategic and International Studies.
Gerstell said that although a major cyberattack on the U.S. is unlikely, if Russian President Vladimir Putin “feels cornered domestically” as a result of U.S. sanctions that will take full effect in the coming weeks, then he could take drastic and unexpected actions with regard to cyberattacks.
These attacks would not help Putin with his invasion of Ukraine, Gerstell said, but rather would be “an act of desperation” to show Russians that their president remains in control.
Cybersecurity executives also warned of the shortage of labor the industry is currently facing and the lack of resources to deal with multiple simultaneous cyberattacks.
“American companies and the government are not prepared for a large-scale attack by the Russians because imagine you have 10,000 fires across the country. … We already have a lack of manpower,” said David Murphy, a cybersecurity manager at Schneider Downs, one of the largest public accounting firms and cybersecurity consulting companies in the U.S.
Murphy said every U.S. company can take some steps to protect themselves from a cyberattack.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
“Every company can do self-assessment of what data of theirs is most valuable and at risk and then hire a cybersecurity firm or follow best practices in regards to online security and protections,” said Murphy, a former National Security Agency employee.
