IDX President and CEO Tom Kelly Discusses the Rise of Cyberattacks from Russia and the Threats Facing American Workers

As featured on Coffee with Closers

The growing threat of cyberattacks from Russia could have far-reaching consequences for American enterprises and workers as the situation in Ukraine continues to worsen and the U.S. and our allies impose further sanctions on Moscow.

Tom Kelly, president and CEO of IDX, sat down with Pinkston’s Coffee with Closers podcast to discuss the state of cyberwarfare and what the Russian cyber threat means for American enterprises and workers.

As the White House warns enterprises to be prepared for an imminent cyberattack, Tom noted that the threat from Russia has been ongoing for years, citing the SolarWinds and Colonial Pipeline attacks. He added that cyberwarfare is not just meant for disruption but to create confusion among the population.

Tom expressed support for recent actions taken by the U.S. government and enterprises to harden our national cyber defense. But he noted that enterprises and individuals are still vulnerable because bad actors have more ways than ever to harvest personally identifiable information (PII) and target information technology systems.

Tom pointed out that most cyberattacks are successful due to human error. “Most of these attacks ultimately can be traced back to a compromised set of credentials, passwords — somebody who clicked on something or did something wrong,” he said.

The most common attack surface used to be email. Individuals would click on compromised links that exposed their systems to an attack. Now the primary attack surfaces are social media platforms. Individuals often believe they are more secure on social media because their networks usually consist of people they know, but Tom warned that social media has made phishing attacks and other breaches far more dangerous.

And with the migration to remote work over the last years, during which millions of people moved into environments that were less hardened and had fewer security protections, cyberattacks pose an even greater threat to enterprises and individuals.

Tom argued that enterprises should be responsible for protecting their remote employees. That means educating employees about the risks that are out there and providing logical and easy-to-do steps to make them more secure.

Individuals can take steps to protect themselves too. That could mean avoiding public networks, limiting their social media presence, changing passwords often and having an offline data storage option.

“The individual is not thinking about their own security as much as they need to be,” Tom warned. “And that is a real issue. Individuals need to change their perspective … on how much risk they are at right now.”

Enterprises and individuals need to be prepared against the imminent Russian cyber threat. But the tools you need to protect your business or personal information are available to you.