The Cybersecurity Implications Of The Russia-Ukraine Conflict
At this hour, the world is hurting in ways that people did not expect. The Ukrainian crisis has erupted into a significant conflict, and whatever the ultimate outcome, the world will never be the same. As a company, we have employees, contractors and families that live in both Ukraine and Russia. We are worried for their safety above all, as most are unable to leave. With the financial complications and sanctions, we now may not even be able to pay them. I know there are other companies and organizations trying to figure out what to do about their employees, partners, and the grave threats that they face. There is no doubt that the human cost will endure longer than the effects of artillery, and we hope that cooler heads ultimately and quickly prevail, especially with the specter of a nuclear war now looming large.
Massive Surge in Attacks
Immediately after the conflict broke out, suspected Russian-sourced cyber-attacks were observed over a 48-hour period at an increase of over 800%. U.S. cybersecurity agencies, the FBI, and the Department of Homeland Security have all issued high alerts covering threat levels, preparedness, and response. This is as critical as it can possibly get. Hostile cyber warfare is one of the primary tools of modern militaries, and there is little doubt that this series of global events has been planned for some time. Historically speaking, state-sponsored cyber-activity has escalated when geopolitical tensions are high.
We do not know what form the attacks will take, or which of them will succeed, but given the history of previous international attacks, we must keep our eyes open for:
- Advanced Persistent Threats (APTs)
- Network attacks
- Zero-Day vulnerabilities
- Code flaw vulnerabilities
- Privilege escalation
- Data anomalies
- Network anomalies
- Or some combination of the above.
Internationally, governments have shared the following general outlines for cyber security preparations:
1. Patch Internet-Facing and Business Critical Software: Patch all software and all vulnerabilities, even the old ones. Take no shortcuts: if you patch only against attacks already known to be exploited in the wild, you may be caught by the next one. If it’s on the internet anywhere, in any way, or handles your traffic, communications, or remote business operations, patch it.
2. Prepare for Ransomware and/or Data Destruction: Ransomware is bad enough, but many organizations have become accustomed to attackers demanding a ransom. The same tooling and vulnerabilities can also destroy data outright, simply by discarding the decryption key or overwriting the data. Recovering from such an attack is much more than nullifying the threat; it means coming back from a disaster. Test your backups, and validate your recovery and continuity plans. Run scenario planning for every component of your systems.
3. Be Prepared to Respond Quickly: Have your response organization finely tuned. Consider what happens if email is down. Decide who will be the incident manager, and confirm that all non-email contact details are up to date. Walk through and reinforce how information will be shared with teams, customers, and employees in the event of a crisis.
4. Lock Down Your Network: Batten down the hatches. It may seem inconvenient to review every aspect of your network, especially when you are used to sending links to team members and clients or using a convenient chat application. However, it may be time to modify policies and curtail those conveniences until some point in the future. Basically, if you can function without something and doing so eliminates a potential risk point, you should do it.
An Urgent Call to Go Beyond the Basics
Those are the basics, but there is a present and imminent danger facing US companies, and the basics are not enough. Every organization, without exception, must act with extreme urgency to secure its information technology infrastructure. President Biden warned in a recent speech that cyber-attacks could lead to a “real shooting war.” No matter how small the company, a breach can lead to a national security emergency, as we clearly saw with the SolarWinds breach. The best possible approach is to combine security, recovery, and assurance into a comprehensive security mission. Organizations must keep watch 24x7x365, and there is no room for exception. An organization or company that cannot sustain this level of security itself is vulnerable. Know that the sphere of business is all about collaboration, and the best way to get through this is to work together. If you don’t have a competent security team to help (and most don’t), you absolutely must find a reputable security partner immediately.
We Must Work as a Community
We have arrived at this moment of truth: the kinetic war in Ukraine combined with the global cyber war is the test of our times, a trial of our resolve, and a reckoning for our cybersecurity capabilities. While rogue nations build their strategies on offensive cyber operations, our postures must be built on the foundations of security, because our assets are significant and prized targets. All information technology personnel must be vigilant on duty, keeping watch, and prepared to work diligently to protect customers, businesses, and systems.
The Soft Underbelly
As real as the military, political, and economic threats are, cyber threats are an unfortunate reality as well. All organizations, especially those in sensitive and critical industries, can expect heightened threats of a scale and variety never seen before, especially as sanctions start to take a toll. Smaller organizations will most certainly be targeted, as they are considered the soft underbelly of this war.
Financial institutions, critical infrastructure, government contractors, even providers of the internet itself must be prepared for what is happening and will continue to happen for some time to come. This is not just about one country – there are other global adversaries out there right now, executing their own opportunistic attacks. We can expect that as financial sanctions increase, retaliatory tensions from all nation-state operations will also rise. There is much, much more to come, and much more to fear for the unprepared.
Make no mistake, we are witnessing unprecedented times. We have never faced the aspects of war that we face today, where attacks can be executed at lightning speed from anywhere in the world. As I have said before, packets can cause bullets, and none of us want to be the weak link against the global cybercrime syndicates. Whether brazen or anonymous, attacks against our financial systems and our core infrastructure, such as power, water, health, and the very internet itself, should be expected; each of these can be rendered unusable through cyber-attacks. In the face of these threats, cybersecurity is no longer an afterthought. Cybersecurity is basic survival, and it has never been more important, especially in light of the escalating Russia-Ukraine conflict.