Podcast: Shield Up for Cyber Warfare

Published on March 16, 2022

In this episode, James and Sarah dig deeper into what a cyber war really means for the U.S. economy and how it could impact the SMB space. As Russia continues to attack Ukraine and launch cyber attacks on those who interfere, businesses have very little time to take action and shield against likely rippling cyber attacks. 

The following transcript was generated using an automated voice recognition tool. Some small discrepancies may exist between this written transcript and the original audio recording.

 
Taylor (00:06)
This is When Bits Hit the Fan, where we keep an eye on tech news so you don't have to, and when bits hit the fan, we bring it right to you. Each time a major tech news story breaks, I, Taylor Uden, and James Schuler translate the facts and show you how it impacts your business. So if you feel like you're inundated with tech stories, let us guide you through when bits hit the fan.
 
[Music] (00:29)
 
Sarah (00:32)
All right, welcome to this week's podcast episode. I am Sarah Yanity. You may be asking "wait, who the heck are you?". While Taylor decided to go out and get married, bits still decided to hit the fan, so I am no Taylor, but I'm here to talk about what these bits are doing to this fan and the recent headlines that may be affecting your business today.

 
James (00:57)
That was a great intro. It's the fan though, that does the things to the bits. The bits rarely impact the fan.
 
Sarah (01:06)
That could be an argument right there.
 
James (01:08)
[Laughter] I don't know where to begin then. Well, so what- what's- what's on the news? Did you- did you see something that was big?
 
Sarah (01:15)
Oh man. I stayed up till about two in the morning because I could not stop watching what is happening in Ukraine and Russia. Nothing else in the news matters right now! 
 
James (01:26)
Yeah, but rarely does international news make an impact to what we do here in-in-the SMB mid-market space in the US, right? I mean it can, don't get me wrong, depending on the industry it can certainly make an impact but rarely does it make an impact.
 
Sarah (01:34)
Right.
 
James (01:41)
But I feel like last night it all changed. 
 
Sarah (01:42)
Oh yeah, it's on a different scale. It- It's definitely going to impact our country and our businesses and not just critical infrastructure, right?
 
James (01:50)
Right. So, let's- yeah, let's talk about what it is. So uh for everyone that's been living under a rock, Russia has been knocking on Ukraine's border for uh, for some time now. Now that they're entering Ukraine, the US is putting sanctions on Putin to back off. Putin's fighting back, saying 'if these sanctions continue, I'm going to attack America with cyber attacks' and specifically go after our banking finance sector, anything that would impact our economy greatly.
 
Since COVID started, we all got comfortable with what critical industries are and that's led to the term critical infrastructure. CISA, a term that maybe our listeners haven't heard as much about, is part of the homeland security team. So it's a small piece within homeland security that stands for Critical Infrastructure, CIS, yeah, Critical Infrastructure and Cyber Security Infrastructure? Great?.. You want to start it over?..
 
Sarah (02:48)
You're close. It's Cybersecurity and Infrastructure Security Agency. But I- it's close enough.
 
James (02:54)
I had it backwards, it totally threw me off. If it's not CSA, then it would be sussy. In my head, I had "Saucy" so dyslexia just killed me on that. So, the- the CISA announced uh, that this is going to be not just critical infrastructure that needs to focus on it. All businesses no matter their size, no matter their industry are now a potential target, if not directly then certainly indirectly, to what Putin and his team are about to do. The media picked up on this. All major media outlets have been announcing that this is now broader than just a single type of company or something that they can put an audit in place for-for us to build upon. Instead, now it's yeah, cyber warfare is what's being discussed so I-I love doing this, it takes things back too far for this conversation but, let's just see if I can get some bullet lists.
 
Since remote work started due to COVID becoming a reality and the-the uprising of simplicity behind cryptocurrency, we have had so many new terms we have to learn how to deal with, from supply chain attacks with what SolarWinds taught us uh, to ransomware as a service, which is what REvil and DarkSide and all those companies taught us um, all the way through now to- to what we're hearing about killware and how critical infrastructure, another term, can potentially impact our day-to-day lives if it was not operational.
 
All right, if you have curiosity behind those topics, that's our previous podcast episodes. You can go back and find them or- or call me. I'll talk for days on it. Um, but yesterday on the news, Senator Mark Warner, who is uh, the Senate's liaison to a security committee that's involved inside what we do for foreign and international response to security measures, said that his biggest concern, what keeps him up at night, is that these cyber attacks are now considered imminent due to the sanctions we've already put on Putin, and the word is we're going to up these sanctions, therefore it's definitely going to happen. If those cyberattacks occur, this is his concern.
 
It's not open season for all bad actors to have the most state-of-the-art code to attack whoever they want to attack. What he meant by that was, it's not like bombs, and technology, and weaponry. If one country attacked another country in the past, that one country would say 'I gotta build up my forces'. No longer do they have to build up forces. Instead, anyone can go in and grab that code, build their own ransomware version of that or their own cryptovirus from it, or their own DDOS virus and then use that against whoever they want to use it for. Do you remember, Sarah-
 
Sarah (05:35)
That's scary.
 
James (05:36)
Real scary.  Yeah, very, it impacts everybody.
 
Sarah (05:41)
Why- that's not anything I saw on the main headlines last night. I feel like that's being covered up, that's huge. Are they- yeah.
 
James (05:47)
Yeah, I don't know if it's covered up. You've watched enough news stories to know that I think the- the daytime TV doesn't know how to really get into a cyber conversation at the granularity that it ought to. Um, let me give you a good example. They say cyber warfare is coming, they say Putin's going to attack us with cyberattacks but do you all remember it was- it was recently um that AWS went down- 
 
Sarah (06:10)
Yes.


James (06:11)
and I- I- no one said AWS was attacked and I'm not trying to argue that they were, but an attack that took like AWS down indirectly impacted many many different businesses. I heard companies tell stories about how their financial software is on a SaaS application or that their CRM tool was on the SaaS application, and then it turned out that because AWS was down, that SaaS application was housed in AWS, therefore they didn't have access to their finance software or to their CRM tool- but the companies never thought to ask their provider, their vendor, what the back end environment looks like for the product.
 
So unless you're in an enterprise space, those really big players, the Fortune 100, you're not going to be able to control where it is they put their- their back-end infrastructure, and so most small businesses, most mid-market companies are moving at such a high rate of speed, they can't slow down and do a vendor risk assessment to the granularity of 'what is the back end of each one of my vendors?'. So if you- if you consider that if Putin were to go after even just our Fortune 500 companies, how could that potentially trickle down and impact indirectly everybody.
 
Now what he's saying is, he's going to go after everyone and he's had the time to do so. Here's how I know he's had the time to do so, the SolarWinds breach we had uh, almost, what was that? Beginning of 2020?
 
Sarah (07:31)
Oh man, yeah!
 
 
James (07:33)
It's been a bit. Um, he had sat silently inside the SolarWinds code for some time before anyone ever found out about it. It was, I think they said it was a mistake someone made that ended up tipping their hand that they were inside people's organizations. So if he is indeed going to go with what he's going to do, he showed us the playbook when he invaded Ukraine.
 
It started out with a- multiple cyber attacks against their communications infrastructure and then um, followed by a lot of physical punishment. So the bombs and everything that you see on TV right now, that's- that's great for- for news and TV but it was uh, a big wave of cyber attacks in advance to that, to that attack, that physical attack. So, I don't know what the right answer is for every business because I can't be involved in each one of their uh, their-their I guess leadership meetings. But it really is the playbook for how to defend yourself and be ready for it. It already exists.
 
Sarah (08:33)
But isn't our country prepared to defend these cyber attacks?
 
James (08:39)
That- maybe at some level. Um, but we've already learned- [laughter] Oh God, don't get me started. So, the- the-the news we keep hearing out of CISA and out of NIST are these vulnerabilities that are known today that they're saying all government entities must shore up to take a mandatory list unless it's a head fake, which would be a great head fake but unless it's a head fake that they're giving the entire world that means that our- our government hasn't even patched for these things.
 
So you know how Centre does vulnerability scans on a weekly basis with our customers and then those weekly vulnerability scans create a priority list of what vulnerabilities exist inside the environment then at our next change window we do all the patches. If they're critical we do immediately. Yeah, that's not happening in all of our governments. Uh, all the divisions in our government.
 
So when you say "aren't we prepared to defend it" we might be prepared to go on the offensive and attack back but we're definitely not prepared to catch the-the-the, I guess the attempt that Putin will make to go after all of our uh, economy. Most experts I listen to say that we're way behind there. I heard um, Biden actually state that for the last few months we've been shoring up our defenses. Well, that's scary. We probably should have been doing that for like the last-
 
Sarah (09:55)
Two years?
 
James (09:56)
Maybe longer. [Laughter] So that's a little nerve-wracking but yeah. We should be good at that. Um, today if I had any advice for a business owner, it would be take a copy of your data, go buy some external hard drive, and put a copy off-site, offline, without- without it touching your network. Go ahead and do that today, 30 days from now, you might regret that purchase because you may never need it. You may never touch it but if you are hit by something and the first thing they do is delete your backups, which is a- a common task that they take, delete the backups and show that they have power, and then you're going to pay your ransom- you're going to be really glad you have at least an old copy of your data.
 
The second thing is, uh, backups have to be segregated from the environment. They cannot sit on the same subnet as the rest of the servers and the production environment. If they are living that way today then your backups are generally useless in the event of a- a- a breach like we've seen recently. The- the next thing, a proactive threat hunter has to be there. We cannot rely on human eyes and human touch to do this. We're going to need some machine learning in-in the environment to- to scan and look for these uh, behavior anomalies that are- that are really just showing us where the encryption is. In fact, we just helped the group out where Microsoft alerting showed us where uh Avos- AvosLocker out of Russia was inside their environment and it picked right up on- on when they started encrypting systems and when they started building admin accounts and when they started creating mail direct redirects all that was labeled out in their alerts.
 
So you got to be looking at that and if one man is all you have on your IT staff, there's no way they can do it all. And then last, we've got to start doing vulnerability scans and looking at where is it what we have gaps and how do we prioritize it. If you can pull those things off, we can put an incident response plan together that gives you an idea of how you're going to communicate and how you're going to respond the day it occurs but there's no sense in building that incident response plan if you're actively putting those measures in place still. You should have at least the communications at the executive level but if you're making changes to the plan as you're- as you're building the plan it's kind of hard to really construct it, right? So we got to do it in a sequence.
 
We're kind of too late, I mean in some ways this has already started so uh if we want to have the conversation of where do we start first we need- we need to get involved with whoever your IT provider is today. Take those four things I told you and bring them up with your IT provider. If you don't have one, call us, but if you do have one bring them up. Make sure that you have confidence in those four areas. That's all we can do at this point.

 

Sarah (12:25)
Yeah it's like insurance, like your last window before the- 
 
James (12:30)
Yeah, yeah we've all been through insurance events. If this was a storm, and floods- floodwaters were rising, and your neighbors had flood insurance and you didn't, and you said "man what are you going to do?" and your neighbors go "well I've got flood insurance, I'm not too worried." you're going to regret not having that but, you can't buy flood insurance in the midst of a flood. Similarly, you can't buy preventative measures once you're breached that's, yeah, not a good place to be.
 
Sarah (12:56)
Yeah, you'll be outside stacking sandbags, praying that the water doesn't go through.
 
James (13:00)
Yeah, but we haven't seen a war like this. That's the last piece on this I'll mention, that we've seen so many wars, that we've studied in our upbringing, we've studied in school. We've never seen a war built around cyber attacks.


Sarah (13:11)
Right, no one knows what to expect.

 
James (13:13)
Right so what- what- why wouldn't you take the preventative measure. In that case, the last thing you want is to be the guy running to Costco looking for toilet paper and bottled water.
 
 
Sarah (13:24)
[Laughter] Memories.
 
 
James (13:25)
Memories, right? Yeah, I did that once. But that's all I've got today I think we're out of time anyway but, that's- that's the- that is the craziest topic that we are at a point in our our our projection our maturity and learning about what cyberattacks can do to us that we're now wondering how will Russia's involvement with Ukraine impact all of our economy by- by cyberattacks, not just oil [laughter] that's the easy one.
 
 
Sarah (13:52)
Yeah.
 
James (13:52)
So wild.
 
Sarah (13:55)
Crazy. Well, until next time. 
 
James (13:58)
When bits hit the fan next time? Oh, tomorrow again I bet. 
 
Sarah (14:00)
Seriously. 
 
James (14:01)
All right, talk to y'all tomorrow. 
 

About the Author

Centre Technologies

Centre Technologies is a full-service IT consulting and managed services provider headquartered in Texas, with a focus on mid-sized businesses. As a trusted IT partner for well over a decade, Centre is recognized for its local experience and enterprise-grade cloud and cybersecurity solutions. Centre is committed to helping organizations harness the power of technology to maximize their operational efficiency and exceed their business goals.