"The magnitude of Russia's cyber capacity is fairly consequential, and it's coming," Biden said on Monday during a quarterly meeting of Business Roundtable, adding that he "would respectfully suggest it's a patriotic obligation" for businesses to prioritize investments for their cyber defenses.
The president stressed for businesses to be vigilant since much of the country's infrastructure falls under the purview of the private sector. Infrastructure is an increasingly common target in cyberattacks as the ramifications are critical if key infrastructure goes offline for even just a short period. "I urge our private sector partners to harden your cyber defenses immediately," he added in a statement.
Biden's chilling warning arrives after the government issued a "shields-up" notice to U.S. organizations, which encourages businesses of all sizes to take precautions to reduce their chances of a cyberattack. And the U.S. is on high alert after imposing tougher sanctions against Russia for its continued invasion of Ukraine.
Instead of seeing Russian President Vladimir Putin carry out a cyberattack directly, there's also a chance that gangs of cybercriminals--like Conti and Sandworm--could be tapped instead. That's according to Sai Huda, founder and CEO of the San Diego-based cybersecurity platform provider CyberCatch.
"Inevitably, ransomware will be the choice of weapon because it will provide two benefits to Putin: economic harm to the U.S. economy, while also collecting ransom payments in bitcoins to funnel back into the Russian economy," Huda wrote in an e-mail.
Huda recommends that businesses implement incident response plans so that a business is prepared if it does fall victim to a ransomware attack. He also advises that businesses maintain backups offline to prevent the spread of ransomware. And continuous testing of cybersecurity controls is key to stay on top of any loopholes that can be exploited, he adds.
The stakes are high for businesses, hence why now is the time to monitor your security measures. There's also some low-hanging fruit that companies can start with, such as deploying password management tools and multifactor authentication--but taking more deliberate steps like incorporating cybersecurity into an IT budget is also key.
For other cybersecurity tips, check out these resources: