CYBERWARFARE AND THE RUSSIA-UKRAINE CONFLICT

The risk of a cyberattack is heightened – but you can protect yourself

We are all shocked and saddened by the images coming out of Ukraine as Russia continues to pound Kyiv and Mariupol. We hope for a speedy resolution to the conflict. You may not realise there is another war going on that is less visible: a cyberwar. While it does not carry the direct threat to life that military bombardment does, cyberwarfare nevertheless poses a genuine danger to businesses and private individuals around the globe. However, there are steps you can take to protect your business from the risk of cyberattacks.

Cyberwarfare

Russia and Ukraine are waging a cyberwar against each other. There have been a number of DDoS attacks on Ukrainian websites, purportedly by Russia, and, according to Meta (the company that owns Facebook), there is a concerted effort to spread disinformation among Ukrainian military officials and politicians. A number of Ukrainian government systems and banks were attacked even before the first bomb was dropped on Kyiv. In retaliation, Ukraine has established an “IT army” of its own, to hack Russian organisations.

Risks on multiple levels

The cyber aggression between the two countries is, so far, contained and focused. South Africa is unlikely to be a direct target for a cyber offensive, but experts believe there may be a spill-over effect. We face risks on multiple levels, and some of them are not obvious.

Supply chain interruptions

Ukraine produces neon, a key component in silicon chips. Russia exports elements used in the manufacture of semiconductors, among other things. Whether supply is interrupted logistically by the conflict or through a refusal to provide goods to sympathisers of the Ukraine cause, it could have an impact on the products you need. Furthermore, a number of software engineers, code writers, and hosted services are based in Ukraine. If you outsource IT services to one of these, you may have a problem.

Retaliatory Russian cyberattacks

There is controversy among cybersecurity experts about whether Russia would target Western infrastructure. But the US Cybersecurity and Infrastructure Security Agency (CISA) and the European Central Bank (ECB) have warned of the risk of retaliation if sanctions are imposed on Russia. We cannot rule out attacks on infrastructure such as transport systems, banking systems, etc., by Russia to cause economic havoc. If this does happen, Europe or the US is more likely than South Africa to be the focus. But whether or not we are the target, we are bound to feel the effects, as we are part of the global economy.

We could also feel the spill-over effects of network disruptions. Cryptocurrency is likely to be a key target, and malware could spread rapidly. Many South African companies are part of larger global organisations, with internationally connected systems and networks. National borders are porous in the face of heightened cybercrime activity.

Patriotic hacking

Russia is home to some of the world’s most sophisticated hackers, and they have a history of carrying out cyberattacks on anyone they see as opposed to the Russian government, motivated by patriotism, not commercial gain.

It’s also likely that non-state actors who are motivated by greed will capitalise on the chaos, uncertainty, and pro-Ukrainian sentiment. Already there have been a number of phishing scams, inviting people to donate money for humanitarian aid. These often contain heart-wrenching videos of suffering, guaranteed to make the more altruistic in society reach for their wallets.

How you can defend your business – and how NEWORDER can help

Cyber risk does not exist in a silo. It is a business risk, and the two should be considered together.

Business continuity

Now is the time to review your business continuity plan. If the worst happens, and your data is held to ransom, or your network goes down (or that of a key supplier or customer), how will you ensure you can do business? Have a clear contingency plan. In the event of a cyber strike, there is no time to plan; you need to implement your plan straight away to mitigate any further damage or loss.

Supply chain management

Check your supply chain. As mentioned above, Ukraine is home to a number of IT services. Are you dependent on them, perhaps through a third-party supplier? Ukraine’s Ministry of Foreign Affairs claims that over 100 Fortune 500 companies have some reliance on Ukrainian IT services. Make sure you can pivot quickly if your service provider is suddenly unable to function.

Beyond the perimeter

Your first response might be to make sure your perimeter is secure. But it’s important to think beyond your perimeter. Look inside your infrastructure at vulnerabilities and strengthen them. Make sure your patches are up to date. If you don’t already employ a Managed Detection and Response (MDR) service such as Alert Logic, now is the time to do so.

Alert Logic’s threat protection

Alert Logic’s team of professionals continuously monitors network traffic and scans more than 140 billion log messages daily. The team is highly specialised, including security operations analysts, threat intelligence researchers, web application specialists, data scientists, implementation architects, security project managers and solutions specialists. In light of the crisis in Ukraine, Alert Logic is exercising extra vigilance over the threat landscape and has a process in place called “Emerging Threats”, which it deploys in the event of an urgent cybersecurity issue. NEWORDER is proud to partner with Alert Logic to give you a first line of defence against threats.

Employee awareness

Don’t overlook the important role your employees play in keeping you safe. Phishing is still the no. 1 attack vector. As previously mentioned, emails fraudulently soliciting donations for aid are making the rounds, as well as invitations to get involved in cryptocurrency. Provide refresher training to employees on the risk of opening links or attachments in emails from unknown senders…and from known senders if the email looks at all unusual or suspicious.

Ensure effective password management, and implement multifactor authentication on all apps. Discourage use of public Wi-Fi. Give employees who need to work on the go a dongle or sufficient data to connect via their smartphone.

Find out more

The world situation is unsettling. But there is no need for panic. We can help you manage your cyber risk. For more information on Alert Logic and NEWORDER’s full range of Information Security and Cyber Security services, contact us today for a no-obligation discussion.