The state service for special communications and Information Protection has prepared recommendations for private companies on cyber protection from the Russian Federation.
Invest in the simplest ways to protect yourself.
The most popular methods of cyber attacks by Russian military hackers are:
phishing mailings, as a result of which they can get credentials to access information systems;
sending out malicious software that aims to steal data or destroy infrastructure;
exploiting known vulnerabilities.
You can protect yourself or minimize the risks of these cyber attacks by following the rules of cyber hygiene, taking a responsible attitude to the password policy, and updating the software in a timely manner.
Explore the weaknesses of your cyber defense and strengthen them.
Hackers constantly conduct intelligence operations in Ukraine, find the weakest points in the protection of companies and attack through them. There are no 100% secure systems. However, the less it costs hackers to hack your system, the higher their motivation will be.
The company’s security depends on each employee.
Hackers can also attack a company or institution through employees, stealing their data. Military and statesmen are particularly in danger. For these categories of people, cyber hygiene should become the No1 habit.
The physical security of users of critical information infrastructure is just as important as the protection of their accounts.
Russian hackers can use the credentials of users located in the temporarily occupied territories. Companies, especially those with critical infrastructure, need to understand that the physical security of their employees is also an investment in their cyber defense.
Recall that the State Service for Special Communications, together with teams of the best Ukrainian cybersecurity companies and the world’s leading solution manufacturers, introduced layered cyber protection for the state and business. Any company in Ukraine can apply to CERT-UA and get targeted assistance in protecting against DDoS attacks, monitoring security, migrating to cloud environments, deploying state-of-the-art cyber threat protection systems for your workstations and servers, and so on.
