Cybersecurity experts: Don't panic over a potential cyberattack, but start preparing for one

2022-02-28 09:05

Reports

Shields up: How a possible cyberattack could affect Americans and how to prepare

ByIvan Pereira andLuke Barr-abc news

Experts say the Russia-Ukraine conflict puts the world in uncharted territory.

Cybersecurity experts tell ABC News that people shouldn't panic over a potential cyberattack, but they should start preparing for one.

"Freaking out is not a productive thing to do. There are lots of reasons to think that the fact that something is out there but that doesn't mean it could happen," Stuart Madnick, the founding director of Cybersecurity at MIT Sloan, told ABC News. "But there are still a number of things that people can do to stay safe and protected."

Madnick, whose group has consulted with U.S. agencies and private companies such as Nasdaq, said the world is in uncharted territory when it comes to cyber security since this involves alleged cyberattacks by a major superpower. However, what has transpired so far is similar to previous cyber security incidents, he said.

There are two types of cyberattacks, he said: ones that have an indirect impact on people's livelihood and attacks targeting the tech of specific people.

The biggest indirect hacking examples in the past have targeted key infrastructure points such as the Colonial Pipeline ransomware attack in May 2021, which affected everything from gas prices to flights.

"In the last two years, we've been seeing more of these attacks around the world," Madnick said. "You need to realize how many of our systems are connected to computers and just one hack can have bigger effects."

On Friday, Ukrainian officials warned of a phishing scheme emanating from Belarus, which pretended to be a member of the Ukrainian cybersecurity agency.

Javed Ali, the former senior director of counterterrorism at the National Security Council, told ABC News that the attacks could escalate to affect utilities, such as gas and electricity.

Madnick warned that cyberattacks on the Ukrainian computer systems could potentially spill over to other regions depending on how close computer networks work.

However, he noted, that U.S. officials are paying close attention to online activity.

"The thresholds for those operations being launched, the effects, [and] the duration those are all things would have to be thought through very carefully," Ali said. "But U.S. Cyber Command is the lead for military operations from the United States, has a world-class capability."

Earlier this week, the U.S. Cybersecurity & Infrastructure Security Agency sent an advisory to businesses and organizations urging them to enact a "shields up" guidance.

The federal government has called on businesses to make sure their information technology teams update their computer software to close any vulnerabilities and train their employees to watch out for any malware.

Madnick said the preparedness of such attacks varies by sector and their experience as cyberattack victims.

"Organizations like banks that have been targeted for a long time have done a better job in shoring up their cybersecurity," he said. "Others, like hospitals and smaller municipalities that haven’t been attacked in the past tend not to do well."

Madnick said when it comes to individual Americans, there is very little they could do to prevent an indirect attack on the country's infrastructure systems, but they should always prepare for the possibility. He likened it to preparing for a big storm and suggested that individuals who are concerned about their money should always have cash available for emergencies.

Madnick also urged people to back up their important computer files, including bank statements, important e-mails and other documents frequently and to offline sources such as an external drive.

"Everyone should be doing this regardless of increasing cyber threats," he said.

Madnick said cyber attackers linked to foreign agencies wouldn't likely conduct attacks that target individual Americans, but people should still be mindful of the vulnerabilities in their tech. Having updated anti-virus and malware software, staying on top of computer updates and avoiding any suspicious links and e-mails, go a long way he said.

"Cyberattacks and cyber security are not something we talk about a lot, but we need to," he said. "This is not a brand new issue."