Russian Cyber Attacks – Memo for Small Businesses

February 24, 2022

Memo for all Small Businesses

From: Dr. Shawn P. Murray, President of Murray Security Services and Lead Cyber Consultant at the Pikes Peak Small Business Development Center (SBDC)
As the world watches further developments between Russia and the Ukraine, many small business owners and managers are wondering what effects there may be on their businesses. It is a good question to ponder, considering that it has been reported that Russia began planning their invasion many months in advance to include cyber attacks on Ukraine’s government and elements of their national critical infrastructure. It has been reported by the FBI and intelligence sources that the Russia planted malware, to include ransomware and advanced persistent threats (APTs) months in advance to degrade Ukraine’s communications and create chaos for government, military and civilians.

World leaders vow to hold Russia accountable and have already imposed sanctions to include freezing bank accounts and restricting Russia’s ability to trade using the American dollar and the Euro. More sanctions will put pressure on Russia to respond to these measures and we believe that may include increased attacks on businesses that are vulnerable to cyber attacks like ransomware in order to raise funds to continue their activities.
As a small business, it is imperative that you have an understanding of your most critical business processes and develop a continuity strategy and plan to protect your assets. Ask yourself these questions to get started:

1. What information or data does my business process, transmit and/or store?
2. How is the information or data protected from a cyber-attack or unauthorized disclosure or breach?
3. How often do you back up your critical information or data? Do you store the backups off site?
4. What critical applications or programs are required to keep your business operating?
5. Do you have a backup strategy if these applications or programs are no longer available due to a cyber-attack?
6. What critical systems or devices are required to keep your business operating?
7. Do you have a backup strategy if these systems or devices were no longer available due to a cyber-attack?
8. How long can your operation be down due to a cyber-attack before it negatively disrupts your business?

As a business owner/operator, you must have a contingency plan in place with a solid understanding of effective responses to the questions above. You should have a prioritized list of your critical processes and a recovery schedule for them. You should perform resilience tests as well to ensure you address any deficiencies.

As a small business, this can seem a bit overwhelming! Where does one start to address each area? You don’t have to figure this out on your own. Contact the Small Business Development Center to set up an appointment with a cyber consultant so they can help you create a plan. Other SBDC resources include business continuity, disaster recovery and financial planning to help you mature an effective approach to better understand your business and protect it!

Resources:
US braces for Russian cyberattacks as Ukraine conflict escalates Here’s how that might play out
By Rishi Iyengar, CNN Business
Updated 8:12 AM ET, Thu February 24, 2022
https://www.cnn.com/2022/02/24/tech/russia-ukraine-us-sanctions-cyberattacks/index.html

US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions
By Sean Lyngaas, CNN
Updated 8:58 PM ET, Tue February 22, 2022
https://www.cnn.com/2022/02/22/politics/russia-sanctions-fbi-cyber-threats-ransomware/index.htm