As the Russia-Ukraine war continues to escalate, it's clear that we have entered an era of cyber-warfare with the impact of cybersecurity attacks becoming a real threat all around the world. Although there are no credible threats to the U.S. at this time, the current conflict in Europe has involved cyber-attacks on the Ukrainian government and critical infrastructure establishments that could impact organizations both within and beyond the region. Therefore, it is imperative that organizations throughout the world be on high alert and prepared to respond to disruptive cyber activity to mitigate the impact of global cyber-attacks.
The Spread of the Cyberwar
The forefront of the cyberwar is currently in Eastern Europe, but its impact and reach could have global effects. Immediately following Russia's invasion of Ukraine, online attacks against Ukrainian governments and military increased by 196%, and authorities in Ukraine estimate that approximately 400,000 multinational computer hackers have volunteered to help Ukraine counter these digital attacks.¹ This digital conflict proves that the online front of the war can, and has, jumped borders. Accordingly, the scope of this cyberwar has the potential to become global.
A look into history can reveal how easily the consequences of cyber warfare can have a global impact. For instance, in 2017 a suspected Russian cyber-attack initially disrupted Ukrainian airports, railways, and banks; however, the attack eventually spread around the world infecting a diverse array of multinational companies.² Given the interdependence of critical infrastructure sectors such as electricity and communications, another aggressive cyber-attack that spreads beyond Eastern Europe in a similar manner could shut down many infrastructure sectors at the same time, thus magnifying the global impact.
Cybersecurity Guidance for All Organizations
Due to the cyberwar, all organizations must adopt an elevated sense of urgency and attention when it comes to cybersecurity and protecting their critical assets. To aid in the progressive movement for greater cybersecurity measures around the nation, the Cybersecurity & Infrastructure Security Agency (CISA) has released a set of recommendations to prepare organizations for cyberattacks and mitigate their impact.³ Those recommendations include:
- Reducing the likelihood of falling victim to a cyberattack:
o To reduce the likelihood of experiencing highly damaging effects of a cyber intrusion, organizations should confirm that all of their networks' remote access points require multi-factor authentication, ensure that all software being used is up to date with patches for known exploited vulnerabilities, and confirm that the organization's IT personnel have disabled all ports and protocols not essential for business purposes.
- Taking steps to quickly detect a potential cyberattack:
o All organizations should ensure that IT and cybersecurity teams are focused on identifying and quickly assessing any unexpected or suspicious network behavior. Keeping an accurate log can streamline this process by allowing IT personnel to better investigate issues or events. Moreover, every organization's entire network should be protected by regularly updated antivirus and antimalware software. If your organization does any business with Ukrainian organizations, you should take extra precautions to monitor, inspect, and isolate traffic from those organizations while closely reviewing the access controls for that traffic.
- Ensuring that your organization is prepared to respond to a cyberattack:
o Your organization must align itself with trusted advisors, such as competent legal counsel, that can assist in the process of designating an incident response team and developing a written incident response plan. Having the proper policies and procedures in place will allow your organization to respond to any cyber-incident quickly and appropriately while reducing exposure to risk in the process.
- Maximizing your organization's capacity to recover from destructive cyber-incidents:
o Every
organization should regularly test backup procedures to ensure that
its critical data can be rapidly restored if the organization is
impacted by malware. Backups should be isolated from network
connections to reduce the likelihood of becoming compromised during
a cyberattack.
By following CISA's recommendations, all organizations can make substantial progress toward advancing their cybersecurity measures. However, corporate leaders play a substantial role in ensuring that their organizations adopt the heightened security posture needed to set forth such advancements. Thus, your organization's management should include cybersecurity personnel in the decision-making process when assessing risk to the company and weighing security improvements against the cost and operational implications to the business.
Footnotes
2. https://hbr.org/2022/03/what-russias-ongoing-cyberattacks-in-ukraine-suggest-about-the-future-of-cyber-warfare.
3. https://www.cisa.gov/shields-up.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
