John Sileo
John Sileo, cybersecurity expert, keynote speaker and CEO of The Sileo Group, a Colorado-based cybersecurity think tank. Sileo.com
President Biden has warned Americans to lock their “digital doors” over the potential for Russian cyberattacks in retaliation for US economic sanctions. Chilling possibilities: Crippled banks and frozen ATMs across the US…power outages and gasoline shortages…paralyzed public transportation, hospitals and government buildings…individuals locked out of their e-mail and personal data.
It sounds like a Hollywood movie, but it is even more of a reality thanks to the Russian government’s recent arrest and possible recruitment of key members of REvil, a criminal computer-hacking syndicate. REvil was responsible for sabotaging major companies last year, including the world’s largest meat producer, Brazil-based JBS Foods, and East Coast fuel supplier Colonial Pipeline.
To help you understand what could happen in a widespread cyberattack and what to do now to protect yourself, your data and your money, Bottom Line Personal spoke to renowned cybersecurity expert John Sileo…
The US suffers tens of thousands of ransomware attacks, credit card database breaches and malware intrusions every year. But an attack from Russia would be more strategic, inflicting damage on the computers and Internet connections that underlie our vital systems. Fortunately, after years of watching Russia’s cyber-attacks against neighboring Ukraine, the US can anticipate Russian attacks.
What you can expect: An attack on the US would focus on four major areas—energy, water and electrical infrastructure…financial institutions…cloud-data companies…and telecommunication firms. It’s unlikely that Russia would cause disruptions that inflict major loss of life akin to a 9/11 event—that would invite massive retaliation from the US, which has its own cybermilitary capabilities. But Russian intrusions could create extensive inconveniences in your daily life that last hours, days, maybe even weeks…
Analysis: Internet-connected computers control private and public facilities around the country. Cyberattacks against US energy companies, especially small ones that lack protective resources, could disrupt operations of oil and natural-gas pipelines. Power facilities could be knocked offline.
What to do: Stockpile nonperishable foods and one gallon of fresh water per person per day…a wind-up emergency radio…and a portable power station equipped with USB ports to keep phones charged. Stock up on medications. Keep car gas tanks filled. For more ways to prepare, go to BottomLineInc.com and search for “Are You Ready for the Next Disaster?”
Analysis: Banks and brokerages allocate billions of dollars a year to cybersecurity, making the loss of your money or data unlikely. But temporary mass disruption of ATMs, credit card transactions and bank/brokerage websites is possible.
What to do…
Keep two weeks’ worth of cash in small bills, preferably five- and 10-dollar bills, since stores may not be able to make change.
Switch back to paper if you opted for your statements to be delivered electronically. That way you always will have an accounting of your money handy.
Analysis: Major firms such as Apple, Google and Microsoft have world-class cyberdefense capabilities, but their websites could be victimized by large-scale distributed denial of service (DDoS) attacks, which swamp servers with so much traffic that the sites temporarily crash. While your data is unlikely to be stolen or compromised, you could lose access to these websites for hours or days.
What to do: Use the 3-2-1 plan for backing up your essential data ranging from passwords to financial information to photos, videos, documents and e-mail. Keep three copies of the data in two different formats or types of storage media (such as your computer’s hard drive and a portable thumb drive)…and one in the cloud. Determine your backup schedule, perhaps daily or weekly, depending on how much data you are willing to lose. Best practice: Periodically check to make sure your backup is working by testing the restoration of a sample file.
Analysis: It’s unlikely that any Russian cyberattack will go directly after an individual’s personal data or computer systems. But there is a hidden risk—criminals will use the “fog of war” to take advantage of anxious and distracted computer users. Expect to see even more “phishing” e-mails warning you of urgent threats to your security or finances unless you click on the attached links. These links typically allow cybercrimnals to download malware onto your computer so they can steal passwords and personal data and gain unrestricted access to your devices. One of the most common forms of malware is ransomware, which locks up your computer until you pay a hefty ransom to the cybercriminals. Even if you consider yourself computer-savvy and understand phishing scams, you still are susceptible. A recent study found that 47% of people working in the tech industry had clicked on a phishing e-mail at work.
What to do…
Fight the urge to click e-mail links. Set up an ironclad tech policy that forces you to slow down. Example: Wait five minutes before clicking on a link in any e-mail, even if you are confident that it is safe. That time can allow you to make rational decisions and investigate whether the e-mail is legitimate.
Keep elderly parents out of the digital crossfire. Seniors are likely to be targeted by online scammers in the wake of a cyberattack. Instead of telling your parents how to stay safe, gain access to their computers remotely and do it for them—make sure the operating system and other programs are updating automatically…put parental controls on some software…install antivirus software and run system scans…monitor their e-mail. If you and your parents both use Windows 10, use its remote-assistance tool Quick Assist (docs.microsoft.com/en-us/windows/client-management/quick-assist). Mac users can provide remote help using Remote Desktop (Support.Apple.com/guide/remote-desktop/welcome/mac). You also can pay for more comprehensive remote connectivity software, available at Splashtop.com ($5/month) and GoToMyPC.com ($35/month).
Analysis: At the outset of the invasion into Ukraine, digital sabotage hit Viasat, a provider of high-speed satellite broadband services and Internet connectivity. It knocked the Ukrainian military and police offline as well as thousands of customers across Europe. A similar attack in the US could shut down Internet or wireless phone communications.
What to do…
Have a plan to connect with loved ones in the event of communication outages. Example: Consider having a rule that if communications have been out for more than 24 hours, you should all gather in a predetermined spot. For out-of-town family, keep trying multiple channels of communication, especially landlines, which aren’t as easily affected as mobile devices. Print out phone numbers and street addresses—many people keep that information only on their smartphones, which may not be charged. More information: Ready.gov/get-tech-ready.
Understand analog backups. If you have items in your home that rely on the Internet of Things—your thermostat or garage door opener, etc.—know how to operate them manually.
