President Joe Biden warned again on Monday that Russia may be preparing to carry out cyberattacks against the United States in retaliation for economic sanctions that the United States and its NATO allies imposed on Moscow after the invasion of Ukraine.
“The scale of Russia’s cyber capability is quite substantial and it’s coming,” Biden said at the quarterly Business Roundtable meeting in Washington.
Security professionals are urging Americans to take immediate action to protect themselves.
“We’re seeing more and more nation-state activity because of the conflict in Ukraine,” said Ryan Wright, a professor specializing in cybersecurity at the University of Virginia. “With the US sanctions in place, it is only a matter of time before the US is targeted more directly. This can mean attacks on your personal device through ransomware, but also attacks on infrastructure such as your internet access or even the power grid.
From SolarWinds attacks to Colonial Pipeline attacks, state-sponsored actors are waging increasingly sophisticated cyber warfare. Russia could try to disrupt financial systems and crucial infrastructure such as the power grid or oil production to pressure the United States to waive sanctions, said Saryu Nayyar, CEO of the security firm Gurucul.
While cyberattackers are unlikely to target most Americans individually, “the reality is that any cyberattack can impact individuals,” she said.
THIS IS WHY RUSSIA INVADED UKRAINE:Mapping and tracking the Russian invasion of Ukraine
WHO IS VOLODYMYR ZELENSKY? What to know about Ukrainian President Volodymyr Zelenskyy
With technology meeting so many of our basic needs, those impacts can be widespread, from supply shortages at your local grocery store to widespread power outages, says Kevin Novak, chief executive of security firm Breakwater Solutions.
“So while at this time I do not believe that private American citizens should tremble in fear about Russia’s ability to adversely affect them via cyberattacks, it is reasonable to expect that their lives will be affected. in a way by cyber retaliation resulting from US sanctions and other political maneuvers,” Novak said.
Warns Chris Olson, CEO of The Media Trust, a digital security platform, said: “Consumers should be aware that cyber actors can target them through almost any website or mobile app.”
So Americans need to be prepared, says Doug Jacobson, a professor of electrical and computer engineering at Iowa State University. What he advised his friends: Protect yourself by practicing “cyber hygiene”.
Eman El-Sheikh, associate vice president of the Center for Cybersecurity at the University of West Florida, said Americans should review and strengthen their digital defenses immediately. “Cybersecurity is everyone’s responsibility,” she said.
So what is cyber hygiene? Here are some common-sense recommendations from the Cybersecurity & Infrastructure Security Agency’s (CISA) “Shields Up” campaign and cybersecurity experts interviewed by USA TODAY.
Enable multi-factor authentication
Use multi-factor authentication on all your accounts, including email, social media, shopping, and financial services, for extra protection. When you log in, you will be asked to confirm your identity by SMS, email, passcode, fingerprint or Face ID.
Update everything, including software
Update anti-virus and malware software, operating systems and applications, especially web browsers, on all devices including mobile phones, tablets, desktops and laptops. Enable automatic updates.
Think before you click
Before clicking or tapping on links or attachments or downloading files, take a moment. Most cyberattacks start with a phishing email, which looks legitimate but isn’t and can be used to steal your passwords, social security number, credit card numbers and other sensitive information or to run malicious software known as malware.
Use strong and unique passwords
Protect all of your account credentials, including username and password, says Lucas Budman, CEO of security firm TruU. Use strong passwords and do not reuse them. Your best bet is to subscribe to a password manager to generate and store unique passwords.
Don’t believe everything online
“All parties to any conflict will also work to use information flows to their advantage. People should be very careful about what information they share,” said Jessica Beyer, senior researcher and senior lecturer at the University of Washington.
RUSSIAN SANCTIONS:From football to vodka, here are some sanctions, bans and boycotts imposed on Russia
What is SWIFT? How could Russia’s ban on the banking system impact the country?
“People need to remember that when information is incomplete and emotions are naturally high, that’s the perfect situation for bad information to spread,” Beyer said. “People pursuing all sorts of agendas will benefit. Bad actors will work to spread fear and doubt. Military aggressors will try to make their reach seem greater than it is. One way we can all help in a minute way is to be aware of what we consume and share.”
So far, Russia is losing the global information war “both because its attack on Ukraine was unprovoked and impossible to disguise, and because the government took a scattershot approach to shaping the narrative” said Scott Radnitz, associate professor of Russian and Eurasian studies. at the University of Washington.
But he expects more misinformation and misinformation to spread. Beware of unsubstantiated claims such as Ukraine building a “dirty bomb” or carrying out “false flag” attacks, Radnitz said.
Back up important files now
Cybersecurity professionals are urging Americans to back up important files like bank accounts and statements to the cloud and to external drives.
Use a VPN on the public internet
Use a VPN or virtual private network. It provides an extra layer of protection between your devices and the internet by hiding your IP address and location. It also encrypts your data. Also, make sure your home Wi-Fi is password protected and secure to prevent people from stealing your personal information and attacking your devices.
Stocking up on emergency supplies?
Should you prepare for a cyberattack like you would for a tornado or an earthquake? Safety experts are mixed, but say it’s generally a good idea to have cash, an emergency kit and a full tank of gas. “Care about cybersecurity like you do with mother nature,” Jacobson said.
Don’t overdo it. After the Colonial Pipeline attack last year, the computer systems responsible for producing fuel were disabled, panicked motorists lined up at gas stations across the Southeast to fill up their tanks and jerrycans.
“Where the danger really comes from is fear,” said Dave Cundiff, vice president of cybersecurity firm Cyvatar.ai. “Fear of the unknown is what gives cyberattacks their greatest power.”
Contributor: Michael Collins and Courtney SubramanianUSA TODAY