而
上个月底, the White House warned that Russia could be planning to launch cybersecurity attacks in response to U.S. 对俄制裁. 虽然没有具体的威胁迫在眉睫, there is “evolving intelligence” that Russia is “exploring options for potential cyberattacks,”
而 infrastructure companies such as energy suppliers are most at threat, cybersecurity experts warn that financial services companies also have targets on their backs. 总统的声明是
即使是很小的, 独立咨询公司, which can still have access to millions of dollars in assets as well as clients’ sensitive personal information, 需要做好准备.
“All financial firms are currently on heightened alert,Carlos Legaspy说, Insight Securities的总裁兼首席执行官. “The 金融体系 is part of that critical infrastructure. Extra vigilance is being placed on ransomware attacks because the goal by Russian agents would be to cripple, 不一定要偷, 客户的身份.”
钓鱼式攻击, 恶意行为者在哪里使用社会工程, 比如一封欺骗的电子邮件, to trick a victim into giving up their credentials, have particularly been on the rise in recent weeks, 莱恩·菲克尔说, chief technology officer and chief information security officer at AE 财富管理.
“Financial services firms should take this opportunity to be proactive in a number of areas to prevent these exploits,菲克尔说. “For smaller firms who do not have dedicated internal infrastructure and security resources, a qualified services provider should be hired to ensure all devices and software are patched, and proper security controls are in place and actively monitored.”
Educating and training staff remains one of the most cost-effective methods of preventing attacks, Fickel说. But one thing every firm should do is implement multifactor authentication wherever possible, 他说. MFA requires verifying credentials with two mechanisms (such as receiving a code texted to your phone after you input your password), which can make systems much harder for malicious actors to access.
然而, even basic cybersecurity practices are still not being followed by many firms, 大卫·墨菲说, a former consultant for the National Security Agency’s computer network operations team and manager of cybersecurity at consultancy firm Schneider Downs. “Password weakness continues to be a significant problem, and the second thing is general [software] patching … Some things aren’t automatic updates. You have to manually go through and update systems.”
This is the first time the intelligence community has mentioned a specific increased threat from Russia to the general public, 他补充说. 即使俄罗斯不发起攻击, it's important for firms to keep up their awareness and comply with
“即使在乌克兰冲突结束之后, I see it as something only increasing with time,墨菲说.
