EU Think Tank
  • Home
  • Business
  • Leadership
  • Economics
  • Recruitment
  • Innovation
  • Strategy
  • More
    • Customer Experience
    • Managing People
    • Managing Yourself
    • Communication
    • Marketing
    • Organizational Culture
    • Technology
Featured Posts
    • Marketing
    How Marketing Leaders Are Driving Growth in the New Era of Event Planning – SPONSOR CONTENT FROM CVENT
    • June 30, 2022
    • Managing People
    Developing ESG Strategy Is Hard, But Executing It Is Even Harder – SPONSOR CONTENT FROM DAGGERWING GROUP
    • June 30, 2022
    • Organizational Culture
    Are Your Organization’s DEI Efforts Superficial or Structural?
    • June 29, 2022
    • Strategy
    Does Your Strategy Have a Spine?
    • June 29, 2022
    • Managing People
    Supporting Your Team’s Mental Health After a Violent News Event
    • June 29, 2022
Featured Categories
Business
View Posts
Communication
View Posts
Customer Experience
View Posts
Economics
View Posts
Green
View Posts
Health
View Posts
Hiring and Recruitment
View Posts
Innovation
View Posts
Leadership
View Posts
Managing People
View Posts
Managing Yourself
View Posts
Marketing
View Posts
Middle East
View Posts
News
View Posts
Organizational Culture
View Posts
Russia
View Posts
Saudi Arabia
View Posts
Strategy
View Posts
Technology
View Posts
Ukraine
View Posts
Uncategorized
View Posts
EU Think Tank EU Think Tank
7K
9K
4K
1K
EU Think Tank EU Think Tank
  • Home
  • Business
  • Leadership
  • Economics
  • Recruitment
  • Innovation
  • Strategy
  • More
    • Customer Experience
    • Managing People
    • Managing Yourself
    • Communication
    • Marketing
    • Organizational Culture
    • Technology
  • Technology

The Cybersecurity Risks of an Escalating Russia-Ukraine Conflict

  • February 19, 2022
  • euthinktank
Total
0
Shares
0
0
0

With the looming threat of increased conflict in Ukraine, businesses around the world should be preparing now. Corporate security and intelligence teams have said they’re seeing an increase in cyber probes, and the U.S. Cybersecurity and Infrastructure Security Agency and the European Central Bank have both issued warnings about potential Russian cyberattacks. At this point, companies should be taking the following steps: 1) Review your business continuity plans; 2) Closely examine your supply chain; 3) actively engage your peer networks, vendors, and law enforcement around cyber intrusions; 4) Instill a security mindset in your employees; and 5) Make sure your corporate intelligence and IT teams are working closely together on solutions.

As warnings of an imminent Russian attack on Ukraine proliferate, news networks and social media have featured clips of Russian armed forces training, exercising, and preparing to fight. Less visible are Russia’s formidable cyber forces that would be preparing to unleash a new wave of cyber-attacks on Ukrainian and western energy, finance, and communications infrastructure. Whether an invasion occurs now or not, tensions will remain high, and the cyber threat will likely wax, not wane.

The implications for business of conflict in Ukraine — whether conventional, cyber, or hybrid — will be felt far beyond the region’s borders. As a business leader, you’ve likely already assessed whether you have people at risk, operations that might be affected, or supply chains that might be interrupted. The White House recently warned of the supply-chain vulnerabilities stemming from the U.S. chip industry’s reliance on Ukrainian-sourced neon. And Russia also exports a number of elements critical to the manufacturing of semiconductors, jet engines, automobiles, agriculture, and medicines, as detailed in a Twitter thread by former Crowdstrike CTO, Dmitri Alperovitch. Given the existing pressure on U.S. supply chains from the Covid-19 pandemic, adding further shock to the system is worrisome.

But if you are just now evaluating your cyber posture, you are probably too late. Effective cyber defense is a long game requiring sustained strategic investment, not a last-minute bolt on.

Conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced. Invasion by Russia would lead to the most comprehensive and dramatic sanctions ever imposed on Russia, which views such measures as economic warfare. Russia will not stand by, but will instead respond asymmetrically using its considerable cyber capability.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning of the risk of Russian cyberattacks spilling over onto U.S. networks, which follows previous CISA warnings on the risks posed by Russian cyberattacks for U.S. critical infrastructure. The European Central Bank (ECB) has warned European financial institutions of the risk of retaliatory Russian cyber-attacks in the event of sanctions and related market disruptions.

Early cyber skirmishing has already begun, with Ukrainian government systems and banks attacked in the past week, and vigilant U.S. companies noting a dramatic increase in cyber probing. Rob Lee, CEO of the cybersecurity firm Dragos told us, “We have observed threat groups that have been attributed to the Russian government by U.S. government agencies performing reconnaissance against U.S. industrial infrastructure, including key electric and natural gas sites in recent months.”

The security and intelligence teams at several major multinationals indicated to us that they are anticipating Russian cyberattacks and assessing the potential for second and third-order effects on their operations. Some companies noted that they are anticipating an increase in attacks and scams in conjunction with the Ukraine crisis, with risk assessments typically contingent on whether the company has direct links to Ukrainian national banks or other critical infrastructure. One corporate intelligence manager observed that their cyber team “doesn’t think we’re a likely target,” but has been following CISA guidance. Another similarly indicated that their company was not concerned with direct threats to their data, because they have no presence in Ukraine or Russia, but were watching for indirect impacts on their customers and business partners in the region.

So, if it is too late to improve your cyber defense and conflict appears imminent, what can leaders do besides throw up your arms?

The first rule is that a cyber or IT problem quickly becomes a business problem. The primary step firms should be taking right now is pulling out, dusting off, and exercising business continuity plans. What would it mean to work in an analog world, or a pencil-and-paper world, for days, weeks, or months? When Saudi Aramco was hit by a cyberattack, 30,000 corporate laptops were turned into paper weights in the span of seconds. Take out your pen knife and poke under the crisis response paint. Ask: “If my IT systems go down, how am I going to track my inventory, manage my accounts, or communicate with my offices and plants?”

Second, closely examine your supply chain. Your firm may face the risk of hidden dependence upon Ukrainian-based software engineers, code writers, or hosted services. Ukraine’s Ministry of Foreign Affairs reports that more than 100 of the world’s Fortune 500 companies rely at least partially on Ukrainian IT services, with several Ukrainian IT firms being among the top 100 outsourcing options for IT services globally.

Third, connecting with peer networks, vendors, and the FBI can dramatically improve your odds of identifying and mitigating cyber intrusions. Empower your teams to reach out to cyber and intelligence teams at peer companies, and to federal and local government partners who are closely watching the same threats. Ensure that your teams know their regional CISA representatives and local FBI field office and that they’re on their mailing lists to stay on top of alerts and warnings. Share anomalous or malicious cyber activity with federal and local partners for greater awareness to help build a collective defense.

Fourth, instill a security mindset in your employees. Enabling multifactor authentication (which, according to CISA Director Jen Easterly makes you 99% less likely to get hacked), patching those old vulnerabilities, ensuring passwords are strong, and remembering that phishing is still the number one attack vector, even for sophisticated adversaries — all of these can contribute to better overall security.

Finally, recognize cyber security as closely connected to overall business security and risk. In face of cyber threats, corporate leadership too often turns to IT for a solution, but IT security and geopolitical risk assessments must go hand in hand.

Teams looking at cyber security, geopolitical risk, and physical security should be working closely together, not in silos. In one case, a corporate intelligence manager told us that he had produced a joint assessment with his cyber intelligence team on Russia-Ukraine — the first time they had ever cooperated in that way. In this case, the crisis built on pre-existing relationships and prompted new levels of cooperation.

If you’re building relationships in crisis, it may be too late. It’s far better to build communication and cooperation before disaster strikes. Be wary of risk assessments that assign too much weight to proximity or presence. In a cyber war, innocent bystanders far afield can be hit by stray cyber bullets or precise cyber sniper fire.

In a crisis, corporate resilience and business continuity plans become paramount, and these require whole of company attention and solutions. With the threat of war in Europe looming, which will certainly include cyber, it is time to pull out those contingency plans and test if they are current, realistic, and fit for purpose.

Total
0
Shares
Share 0
Tweet 0
Pin it 0
You May Also Like
Read More
  • Technology

Monitoring Employees Makes Them More Likely to Break Rules

  • euthinktank
  • June 27, 2022
Read More
  • Technology

Dehumanization Is a Feature of Gig Work, Not a Bug

  • euthinktank
  • June 23, 2022
Read More
  • Technology

How AI Can Make Strategy More Human

  • euthinktank
  • June 22, 2022
Read More
  • Technology

Why Build in Web3

  • euthinktank
  • June 22, 2022
Read More
  • Technology

Building Transparency into AI Projects

  • euthinktank
  • June 20, 2022
Read More
  • Health
  • Innovation
  • News
  • Technology

The Global Mission to Tackle Cancer

  • Sam Tilston
  • June 14, 2022
Read More
  • Technology

Why You Need an AI Ethics Committee

  • euthinktank
  • June 14, 2022
Read More
  • Technology

Exploring the Metaverse

  • euthinktank
  • June 14, 2022

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Featured Posts
  • 1
    How Marketing Leaders Are Driving Growth in the New Era of Event Planning – SPONSOR CONTENT FROM CVENT
    • June 30, 2022
  • 2
    Developing ESG Strategy Is Hard, But Executing It Is Even Harder – SPONSOR CONTENT FROM DAGGERWING GROUP
    • June 30, 2022
  • 3
    Are Your Organization’s DEI Efforts Superficial or Structural?
    • June 29, 2022
  • 4
    Does Your Strategy Have a Spine?
    • June 29, 2022
  • 5
    Supporting Your Team’s Mental Health After a Violent News Event
    • June 29, 2022
Recent Posts
  • Are Former Startup Founders Less Hireable?
    • June 28, 2022
  • Help Your Team (Actually) Work Smarter, Not Harder
    • June 28, 2022
  • Inclusive Workplaces Start with Inclusive Leaders – SPONSOR CONTENT FROM BETTERUP
    • June 28, 2022

Sign Up for Our Newsletters

Subscribe now to our newsletter

EU Think Tank
  • Home
  • Privacy Policy
  • Guest Post
  • Contact

Input your search keywords and press Enter.