PSA to American businesses and critical infrastructure industries
By now, we are sure you have heard about the Russian military activity in Ukraine and associated political tensions around the world. We hope for a swift resolution to this crisis.
The U.S. Government has published multiple warnings of potential cyberattacks against American businesses and critical infrastructure associated with the events in Ukraine. The team at ZAG also asks for everyone’s vigilance to guard against potential cybersecurity threats to your company and employees.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) states the following on their website:
While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity.
The good news is that we are not yet seeing a general uptick in malicious activity, but we must all prepare for this eventuality. You should also anticipate the potential release of security patches to address zero-day vulnerabilities revealed during this conflict. We will keep you updated on any action required as we know more.
A favored approach to network penetration by cybercriminals is email phishing. To mitigate potential phishing attacks on your company, as part of this PSA we recommend you communicate the following (or similar) guidance to your employees:
Team: By now, I am sure you have heard about the Russian military activity in Ukraine and associated political tensions around the world. We hope for a swift resolution to this crisis.
The U.S. Government has published warnings of increased cybersecurity threats to American businesses as this conflict develops. Consequently, I am asking for your help to prevent email “phishing” attacks on the company:
- Do not click on any link or open any attachment in any email, unless you are certain that it came from someone you know personally.
- Do not respond to any texts or mobile phone prompts unless they are expected.
- Mistakes happen. If you do any of these things let me know immediately – you could stop a cyber-attack on the company!
People can be our weakest link, or our first line of defense. Thank you for doing your part to keep the criminals out of our computer systems and our company in operation.
Please contact [your support contact] if you have anything to report.
If you experience an IT security event and need assistance with incident response, disaster recovery, or remediation, contact our team by phone: 408.383.2020.
All ZAG clients have full access to their account managers as always, and if you have any questions about this increased cybersecurity threat or your overall cybersecurity posture we ask that you contact our team immediately.