Russia and Ukraine are waging a cyberwar against each other. There have been a number of DDoS attacks on Ukrainian websites, purportedly by Russia, and, according to Meta (the company that owns Facebook), there is a concerted effort to spread disinformation among Ukrainian military officials and politicians. A number of Ukrainian government systems and banks were attacked even before the first bomb was dropped on Kyiv. In retaliation, Ukraine has established an “IT army” of its own, to hack Russian organisations.
The cyber aggression between the two countries is, so far, contained and focused. South Africa is unlikely to be a direct target for a cyber offensive, but experts believe there may be a spill-over effect. We face risks on multiple levels, and some of them are not obvious.
Ukraine produces neon, a key component in silicon chips. Russia exports elements used in the manufacture of semiconductors, among other things. Whether supply is interrupted logistically by the conflict or through a refusal to provide goods to sympathisers of the Ukraine cause, it could have an impact on the products you need. Furthermore, a number of software engineers, code writers, and hosted services are based in Ukraine. If you outsource IT services to one of these, you may have a problem.
There is controversy among cybersecurity experts about whether Russia would target Western infrastructure. But the US Cybersecurity and Infrastructure Security Agency (CISA) and the European Central Bank (ECB) have warned of the risk of retaliation if sanctions are imposed on Russia. We cannot rule out attacks on infrastructure such as transport systems, banking systems, etc., by Russia to cause economic havoc. If this does happen, Europe or the US are more likely to be the focus rather than South Africa. But whether or not we are the target, we are bound to feel the effects, as we are part of the global economy.
We could also feel the spill-over effects of network disruptions. Cryptocurrency is likely to be a key target, and malware could spread rapidly. Many South African companies are part of larger global organisations, with internationally connected systems and networks. National borders are porous in the face of heightened cybercrime activity.
Russia is home to some of the world’s most sophisticated hackers, and they have a history of carrying out cyberattacks on anyone they see as opposed to the Russian government, motivated by patriotism, not commercial gain.
It’s also likely that non-state actors who are motivated by greed will capitalise on the chaos, uncertainty, and pro-Ukrainian sentiment. Already there have been a number of phishing scams, inviting people to donate money for humanitarian aid. These often contain heart-wrenching videos of suffering, guaranteed to make the more altruistic in society reach for their wallets.
Cyber risk does not exist in a silo. It is a business risk, and the two should be considered together.
Now is the time to review your business continuity plan. If the worst happens, and your data is held to ransom, or your network goes down (or that of a key supplier or customer), how will you ensure you can do business? Have a clear contingency plan. In the event of a cyber strike, there is no time to plan; you need to implement it straight away to mitigate any further damage or loss.
Check your supply chain. As mentioned above, Ukraine is home to a number of IT services. Are you dependent on them, perhaps through a third-party supplier? Ukraine’s Ministry of Foreign Affairs claims that over 100 Fortune 500 companies have some reliance on Ukrainian IT services. Make sure you can pivot quickly if your service provider is suddenly unable to function.
Your first response might be to make sure your perimeter is secure. But it’s important to think beyond your perimeter. Look inside your infrastructure at vulnerabilities and strengthen them. Make sure your patches are up to date. If you don’t already employ a Managed Detection and Response (MDR) service such as Alert Logic, now is the time to do so.
Alert Logic’s team of professionals continuously monitors network traffic and scans more than 140 billion log messages daily. The team is highly specialised, including security operations analysts, threat intelligence researchers, web application specialists, data scientists, implementation architects, security project managers and solutions specialists. In light of the crisis in Ukraine, Alert Logic is exercising extra vigilance over the threat landscape and has a process in place called “Emerging Threats”, which it deploys in the event of an urgent cybersecurity issue. NEWORDER is proud to partner with Alert Logic to give you a first line of defence against threats.
Don’t overlook the important role your employees play in keeping you safe. Phishing is still the no. 1 attack vector. As previously mentioned, emails fraudulently soliciting donations for aid are making the rounds, as well as invitations to get involved in cryptocurrency. Provide refresher training to employees on the risk of opening links or attachments in emails from unknown senders…and from known senders if the email looks at all unusual or suspicious.
Ensure effective password management, and implement multifactor authentication on all apps. Discourage use of public Wi-Fi. Give employees who need to work on the go a dongle or sufficient data to connect via their smartphone.
The world situation is unsettling. But there is no need for panic. We can help you manage your cyber risk. For more information on Alert Logic and the NEWORDER full range of Information Security and Cyber Security services, contact us today for a no-obligation discussion.
