Cybercriminals love pandemics, natural disasters, and wars. Global distractions are good for their business.

Russia’s invasion of Ukraine elevates cyber security risks, which were already on the minds of global business leaders. So far, the incursion has delivered new distributed denial of service (DDoS) attacks and a novel malware, Hermetic Wiper.

While most attacks have targeted Ukraine’s government, infrastructure, and financial services, US companies need to be on guard against spillover and direct attacks. The US/British-owned insurance broker AON was attacked on February 25. Although no direct connection has been reported, this was one day after the invasion.

But business leaders around the world did not need a war to stir their anxieties about cyber-attacks. The Allianz Risk Barometer, which surveys over 2,650 risk management experts around the world, identified cyber risk as the number-one threat to global businesses for 2022.

That means companies worry more about potential data breaches, ransomware attacks, and major IT outages than supply chain disruptions, COVID-19, or natural disasters. The second highest-rated concern was a business interruption, which can result from a catastrophic cyber-attack.

Not being able to provide products and services on time or–at all–is a frightening prospect. Business interruptions can have long-lasting, and for some companies, fatal impacts.

Tower’s commitment to business continuity relies on our powerful cybersecurity system and exacting protocols. These include the installation of anti-malicious software and its updates, the use of multi-factor authentication (MFA), VPNs, and real-time, 24/7 monitoring to detect and mitigate cyber intrusions. In addition, our employees receive extensive cybersecurity training and understand how to do their part to prevent breaches. We invest considerable time, thought, effort, and money to secure our data and our clients’ data.

Because data transfer presents a vulnerability, we also have a Vendor Risk Assessment Process for all third parties that can access Tower’s data, networks, and servers. In a digital age, companies need to be as concerned about their partners’ cybersecurity practices as they are about their own.

Hopefully, the war in Ukraine will not provoke massive cyber-attacks, but now is the time to secure your perimeters. To help you tell if your organization is as cyber secure as it can be, here’s a checklist gleaned from our partner, Palo Alto Networks, and the Shields Up site from the US government’s Cybersecurity & Infrastructure Security Agency (CISA).

• Implement multi-factor authentication on your accounts.
• Lockdown your network. Disable all applications, ports, and protocols that are not essential to operations.
• Ensure software is up to date
• Reinforce employee training, especially regarding clicking on strange emails. According to CISA, 90% of ransomware attacks come through phishing
• Renew your plan for managing an attack.
  • Walkthrough scenarios in table-top exercises.
  • Test back-up and recovery plans and continuity of operations in case a network is disabled.
  • Make sure the emergency contact information for your people and partners is updated and available.
  • Revisit your crisis communications plan.

Most cyber threats can be managed, but we must be proactive. If your IT professionals have been requesting funds to strengthen cyber security, take this time to analyze the proposed solutions. Invest while you can.

Our CEO Rita Wilson has a strong technology background and a keen interest in these issues. If you have questions or just want to discuss your cyber security concerns, contact her at rita.wilson@towermsa.com

Meantime, shields up!