Retired US Army Lieutenant General Russel Honore says MSPs should assume that they and their customers will face a cybersecurity attack from Russia within the next 24 hours.
“They need to make that assumption and put together a plan to deal with it,” he told CRN US in an interview. “They need to make sure their people are dealing with this right now while they are here at this show.”
Furthermore, he said MSPs should reach out to make sure their customers are putting in place precautions to prevent Russia based cyberattacks.
“They should also be making sure their customers are putting together the same kind of plan because their customers are linked to their businesses,” he said. “In the data world, your customer is like a patient. You are connected to them with an IV (an intravenous needle in a vein). If you are sick they are sick. If they are sick you are sick because this is a virus.”
In addition, ThreatLocker co-founder and CEO Danny Jenkins said the Russian invasion of Ukraine has sparked a 600 percent increase in cyberattacks. He said MSPs need to be concerned about nation-state-sponsored attacks.
Honore, who was recognised for his leadership to bring back New Orleans with military relief efforts in the wake of Hurricane Katrina, had some blunt advice for MSPs: “Don’t be stuck on stupid. Put your shields up. Change passwords frequently and don’t leave your computers on. Turn them off.” Here is an edited transcript of Honore’s remarks on the Russian invasion of Ukraine.
Do you think there is a cybersecurity threat here in the United States because of the Russian invasion of Ukraine?
Yes. I am most concerned about the (cybersecurity) renegades in Russia that (Russia President Vladamir) Putin might turn loose the dogs of war who have no formal government affiliation. They are renegades that normally attack cities in the United States with ransomware and make them pay to get their data back.
So do you think we will see a marked increase in ransomware?
Absolutely emanating from Russia or from friends they have here in the US There are a lot of Russians in the US
It’s a reality. Russia has done it before. Look at what happened over the last year when Russia came after us with the cyberattack on the Columbia Pipeline and several cities. Russia has claimed those are renegades or criminals. But Putin turned those renegades loose.
Don’t be stuck on stupid. Put your shields up. Change passwords frequently and don’t leave your computers on. Turn them off.
What are some of the dynamics going on with regard to the cybersecurity threat that will take hold if Russia takes control of Ukraine?
Ukraine is a technologically advanced country. They do a lot of data mining for bitcoin. They are involved in data storage and cyber. There will be part of the Russian army that will try to go in and exploit what has been left behind.
The world does business with Ukraine. They provide a lot of services to other countries. There are some 16,000 students from Egypt, Africa, Morocco who were studying in Ukraine. Now they are trapped in this war.
Ukraine is digitally connected to the western world. So internet technology that is there will be exploited by the Russians. Ukraine has to move from where they were a week ago not thinking that the Russians were coming to the fact that they are now there.
The big issue now is how do we isolate what we can that is now in Ukraine so that it doesn’t get exploited in our networks. Because when you deal with somebody’s data you trust them. Right now that data could be at risk because the Russians will have access to it. That could be trouble for a lot of people.
All of the civil and court records in Ukraine could be available to Russia. So they could figure out where people live and how to go after them. This is a travesty.
Civil servants in Ukraine have now left their homes during the insurgency. The Russians will now be able to know where they live if they capture that data. There are a lot of ugly things going on. What you seeing going on on the battlefield is only a part of it. The other part is the information war if the Russians get control of the databases in Ukraine.
Hopefully, Ukraine was able to shift that data out of the country. Data is like anything else, you can move it. You could move it to France, the US or Germany. Hopefully, that has been done. But remember up until a week ago the Ukrainians didn’t think this was going to happen. Now that they are under attack. They have to figure out how to export that data.
Ultimately how grave a threat is the Russian attack on Ukraine with regard to the potential impact on the United States?
It could close down our financial system and turn some of our power grids off. There is a lot of mom and pop industries and medium sised companies that spend more money on CEO bonuses than they do on cybersecurity.
Right now most companies provide more money to CEO bonuses than they give to cyber defence. A cyberattack is easy. Cyber defence is hard. You have got a lot of isolated kids in their grandma’s basement doing cyberattacks. Cyber defence is hard.
Should the US be doing more to prevent cyber-terrorism including attacking the bad guys with our own cyberattacks?
We can do cyberattacks. We are very good at it as a nation. We invented this stuff. Cyber defence is different.
What should the technology entrepreneur and solution provider owners be doing to prevent these cyber-attacks?
Assume that in the next 24 hours you are going to be attacked. They need to make that assumption and put together a plan to deal with it. They need to make sure their people are dealing with this right now while they are here at this show
They should also be making sure their customers are putting together the same kind of plan because those customers are linked to these businesses. In the data world, your customer is like a patient. You are connected to them with an IV (an intravenous needle in a vein). If you are sick they are sick. If they are sick you are sick because this is a virus.