First, understand that Russian-based attacks have been going on for at least one decade and that Russian operatives have gotten very good at ransomware, theft of intellectual property, theft of funds, etc.  The three Russian spy agencies are all involved including FSB, GRU and SVR; the Russian state also provides haven for numerous criminal hacker gangs. The most recent attack attributed to these agents was the May 2021 Colonial Pipeline attack that affected gasoline supplies here in Connecticut. So, a cyber-attack attributed to Russian agents would not be new, just business as usual for them.  We can hope that we will not be subject to a cyberattack originated by the Russian military.

Defending against attacks is mainly a matter of implementing security good hygiene ahead of time. Relatively few things can be done overnight. Quinnipiac has been proactive in implementing good security practices including: two-factor authentication for accessing university accounts; email filtering to detect malicious links and attachments; and regular security awareness training. The security page within MyQ gives students and faculty an email address to forward suspicious-looking emails: informationsecurity@quinnipiac.edu

What can individuals do? No technology is flawless, and users must always be alert.  The two biggest risks today are: phishing attacks and disinformation. Phishing emails can launch ransomware attacks or attempt to steal login credentials to bank accounts and credit card accounts. Make sure you trust the sender of any email you receive.  Were you expecting the email you just got?  Also, you should implement two-factor authentication on all sensitive accounts that you own. This can make use of your cell phone or another token that provides a “one-time password.” You will be protected from hackers attempting to access your information or money.

The other significant risk is that of disinformation. It is a long-time technique used by Russian operatives to undermine democratic countries. It is being used in overdrive within Russia and state-run media. Some of this spills over to social media accounts and network news reports around the world including the US. It is important to employ all of your critical-thinking skills to check whether a social media post is accurate or even who posted it. Unfortunately, this is the world we live in. Astronomer Carl Sagan in 2011 was ahead of his time when he outlined his “Baloney Detector” as a technique to combat fake news. You can Google this term to see his nine-step technique to discern fact from fiction.

As the President said, good cybersecurity is a matter of national urgency and success can be achieved only through government, businesses and individuals all working toward that common goal.