Russia Cyber Security. We have all heard the warnings of an imminent Russian invasion of Ukraine. News networks and social media have been full of footage of Russian forces preparing to fight. In the shadows of the internet, we have been monitoring Russia’s formidable cyber-warfare force in their preparations to unleash a new wave of cyber-attacks on Ukrainian targets. But it is not just the Ukrainian targets that are in their sights; it is also western energy, logistics, oil, finance, and communications infrastructure. And now the invasion has happened. What does this mean for Cyber Security?
As a business or IT leader, you have most likely assessed whether your people could be at risk and which of your operations might be affected. You may have also considered whether your supply chains might be interrupted. But have you considered whether you are also in the target sights? Do you provide goods or services to suppliers of Ukraine? Could your business be seen as a viable target? When was your last penetration test or cyber attack simulation? It is too late if you are just now considering your cyber posture.
Effective cyber defense is a long-term process that requires strategic investment, not a last-minute consideration, as the talk of Russian cyber security would have you think. Is your Security Operations Center thinking about this?
The invasion by Russia has led to some of the most comprehensive and dramatic sanctions ever imposed. Russia will view these measures as economic warfare, possibly leading it to retaliate asymmetrically using its considerable cyber capability.
What have we seen so far? Early-stage attacks began a few weeks ago, with Ukrainian government systems and banks attacked in the past week and vigilant companies reporting a dramatic increase in cyber probing. Within the IP address space of Gibraltar, where we operate a comprehensive attack analysis network of honeypots, we have already observed attacks over the last two months from groups, attributed to the Russian government by U.S. government agencies, performing reconnaissance against industrial infrastructure.
We anticipate continued Russian cyber-attacks and assess the potential for second- and third-order effects on their operations.
What do we expect to see? Over the coming weeks, possibly months, we expect to see an increase in attacks and scams in conjunction with the Ukraine crisis. These attacks and scams will lead businesses and organisations to conduct continual risk assessments to assess their exposure. These attacks are likely to be contingent on whether the company is perceived to be in the Ukrainian supply chain.
What should we be doing? The first thing to do is take out and exercise business continuity plans. If your internet connectivity were severed, how would you deal with it? Could your business survive in the analogue world, or a pencil-and-paper world, for days, weeks, or months?
Second, closely examine your supply chain and your client chain. Is there a hidden dependence upon Ukrainian-based software engineers? Have your outsourced functions relied on eastern European developers or hosted services?
According to Ukraine’s Ministry of Foreign Affairs, more than 100 of the world’s Fortune 500 companies rely partially on Ukrainian IT services. Ukrainian IT firms are in the top 100 outsourcing options globally.
Third, connecting with peer networks, vendors, and government resources such as CiSP and your local CERT improves your success rates in identifying and mitigating cyber intrusions. Reach out to cyber and intelligence units at peer companies and communities, especially those closely watching the same threats. Share anomalous or malicious cyber activity with your local CERT for greater awareness to help build a collective defense.
Fourth, get your current cyber security in line. Enabling multi-factor authentication reduces the chances of a successful account compromise by 99%. Ensure passwords are long, not strong. Sixteen characters are great, but twelve is OK. Get all of the patches applied and bring all your workstations up to the latest version. Check that all systems are running their endpoint protection agents and the AV is enabled. Each of these four points will improve your cyber security, but collectively they will make you a much harder target should the sights fall on you.
And lastly, five. Recognize that cyber security is not an IT issue but a business issue, and the risk lies with the business. In the face of cyber threats, leadership teams all too often look to IT for a solution, but IT is only a tiny part of the solution. You must consider that security and geopolitical risk assessments must go hand in hand.