Since the beginning of the war in Ukraine, U.S. officials have feared that the conflict could escalate into a larger and more destructive fight. It’s not only a broader war that officials fear. They’re also concerned that Russia could begin targeting its enemies with malicious cyberattacks. According to a recent assessment conducted by the Cybersecurity and Infrastructure Security Agency (CISA), “Russia almost certainly considers cyberattacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts.” 

Russia’s past actions inform CISA’s assessment. Over just the past few years, Russian state-sponsored actors have targeted the SolarWinds software supply chain, COVID-19 vaccine developers, the U.S. Democratic National Committee and many others. On March 15, 2022, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory detailing how Russian state-sponsored actors exploited the so-called PrintNightmare security vulnerability to run code on a hacked network. Less than a week later, President Biden revealed “evolving intelligence” suggesting that the Russian Government is exploring options to conduct potential cyberattacks against U.S. businesses and critical infrastructure. These events have prompted CISA to issue a special advisory to all U.S. organizations, warning them to prepare to respond to potential disruptive cyber activity.  

Shields Up Against Cybercrime

In response to Russia’s invasion of Ukraine, CISA released a Shields Up warning, urging organizations of all sizes to “prepare for, respond to, and mitigate the impact of cyberattacks.” These recommendations include actions that would reduce the likelihood of a cyberattack, quickly detect potential intrusions, ensure a swift response to an attack, and make organizations more resilient to cyber incidents. 

But it’s not just organizations that are vulnerable to cyberattacks. In many ways, individuals are even more vulnerable to this kind of crime, and CISA’s Shields Up warning provides helpful advice that can protect everyone.

Four Steps to Protect Yourself

While the chance of Russia targeting an individual in a cyberattack is relatively small, it’s much easier for an individual to get caught up in a broader cyber incident. CISA also warned of an increased risk of non-Russian “attacks of opportunity” while the world’s attention is diverted by the Ukraine crisis. With this in mind, CISA offered four steps individuals can take to protect themselves online. They include:

1. Implement multi-factor authentication. Passwords aren’t always enough to protect your accounts from hackers. However, adding a second layer of protection through a text message, email or biometric identifier can make you 99% less likely to be hacked. 
2. Update your software. Developers are constantly updating their software in response to emerging hacking threats. Ensuring you’re always running the latest software version on your computer, phone, tablet and browser will keep you safer. Automatic updates can help make this process much more manageable.
3. Think before you click. “90% of successful cyberattacks start with a phishing email,” according to CISA. So, internet users must be cautious when asked to provide personal information online. 
4. Use Strong Passwords: It seems like everything requires a log-in these days, so it’s so tempting to use easy-to-remember passwords. However, taking the time to create strong passwords and organizing them in a password manager can significantly improve your online safety.

The average internet user will be consistently safer online with these four recommendations in place.

The Threat is Real and Serious

Hopefully, the conflict in Ukraine will end soon. But even when it does, the threat of cyberattacks will remain dangerously high. In the meantime, current events serve as a reminder of how serious these threats really are. In response, we all must take consistent steps to protect ourselves and mitigate the potential for damage if we are attacked. CISA’s advice offers a great starting point for organizations and individuals alike.