The Biden Administration made another plea to U.S. companies to tighten their cybersecurity defenses.
“Today, my administration has issued new warnings that based on evolving intelligence, Russia may be planning a cyberattack against us," President Biden said. "As I said, the magnitude of Russia's cyber-capacity is fairly consequential, and it's coming.”
While Russian-born cyberattacks are nothing new to U.S. businesses, many companies, including those in critical infrastructure sectors like transportation or agriculture, haven’t implemented rigid cybersecurity standards, in part because there aren’t always legal minimum standards to meet. That will change soon though, as President Biden recently signed a new law that will legally require operators of critical infrastructure to report attacks to the government.
Still, Newsy spoke to cybersecurity experts who said that it’s still expensive or difficult for some companies to find the proper talent to fill security positions, making them vulnerable.
"These groups are going to target any systems really that are critical operations," Bill Moore, CEO of XONA, said. "They're just going to look for low hanging fruit, right? So, you know, the energy sector, you know, water services, communications, manufacturing, financial services, all of these are targets."
Russia is considered to be a hacking powerhouse, but their cyber-response has been relatively quiet so far since the war began. Experts told Newsy that Russia might have their hands full and aren’t carrying out state-sponsored attacks now, but very well could in the future.
"As the Kremlin sort of measures what they've got available to them to strike back, a cyberattack on the private sector is a fairly low-effort, low-cost and somewhat high reward strategy for them to pursue," Andrew Harmon, director of marketing at Firewall.com, said.
Harmon said it’s critical for companies to shore up their defenses now and to look at the possible consequences of an attack.
"It can cut into your budget quite a bit to properly secure your network, but it can destroy your business outright to get hit by ransomware," Harmon said. "So, when you do the cost benefit analysis, it always works out in the favor of being safe."