How to Protect Your Business Against Rising Cybersecurity Risks of the Russia-Ukraine Conflict

The FBI warned organizations of increased cybersecurity risks related to the Russia-Ukraine conflict earlier this week. It is possible that, as Russia-based cybercriminals become emboldened by Russia’s actions, they may deem organizations based in NATO countries as viable targets.

It is likely that attacks against for-profit organizations and essential service providers will increase significantly. While Russian actors such as the FSB will deploy attacks to disrupt the availability of services, other cybercriminals will be emboldened to target businesses with profit-driven attacks like ransomware, phishing and others.

What You Need to Know

• Attacks have happened, and more will happen — but they likely won’t be publicly claimed by Russia.
• Current attacks are likely coming from cybercriminals. Russian state actors are busy with the current conflict in Ukraine. If and when the conflict dies down, their focus may shift towards the EU and US. Therefore, there is only a short window of days and weeks to implement security protocols to protect against these attacks.
• Organizations are more likely to become a target of if they have a security weakness, or if a business partner is compromised.
• Russians have deployed malware that attempts to fully brick systems against the Ukraine. Distributed Denial of Service (DDoS) attacks will be used to disrupt service. However, these attacks are less popular for ransomware and other for-profit attackers.

How This Affects Your Organization

According to Cybersecurity and Infrastructure Security Agency (CISA), “All organizations —regardless of size — should adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

You may not think your organization will be affected by these cybersecurity risks, but your supply chain could be. Perhaps you rely on a partner who has a call center in Poland or Ukraine, which combined have more than one million employees working in their call centers. Or maybe you partner with developers in eastern Europe for software solutions and support. The impact of this attack may very well be regional destabilization that ripples down to your organization.

“If the situation in Ukraine continues to escalate, there will likely be an eventual wave of cyberattacks that would aim to affect businesses and disrupt the economy,” said Jason Middaugh, CISO at Inversion6 Technologies. “An attack on critical infrastructure which your business relies on can leave you the victim of collateral damage as payments go unprocessed, or facilities close from a power disruption.”

How to Proactively Protect Against Cybersecurity Risks

No matter the size of your organization, these are the steps you can take to prepare for a security incident, large or small:

Review Your Disaster Recovery Plans

At a minimum, organizations should re-evaluate their preparedness. Dust off your disaster recovery/business continuity plans and ensure they are accurate and up to date. Then, check your backups to ensure they are protected from ransomware attacks. Finally, review your incident response plan and run a table-top exercise.

Go deeper: Join the Inversion6 CISO team in this on-demand webinar to learn what to do in the event of a data breach.

Test Your Security Technologies

Test UPSs and backup generators, validate patching processes and outcomes. There may be an opportunity to upgrade security technologies or move investments from later in the year to now.

In addition to testing your security technologies, you should also assess security awareness across your organization. Talk to your employees, heighten awareness and work to reduce gaps between best practices and current behavior.

Prepare for the Most Common Threats

The Russian GRU (APT28) and Russian Foreign Intelligence Service (APT29) have some common attack methods. For example, these threat actor groups often attempt to exploit public-facing applications, breach an organization through external remote services, take advantage of trusted relationships and use valid accounts.

Take these steps to protect your organization against common security threats:

• Ensure public facing applications are updated and patched.
• Remove remote services or improve access controls through enforcing multi-factor authentication.
• Review third party access to your systems, networks and data
• Ensure strong passwords and authentication mechanisms — again, enforce the use of MFA wherever possible.
• Communicate to your employees not to click on strange links and attachments or provide their credentials to ANYONE.

Go deeper: Download this whitepaper to learn how to develop a successful strategy for fighting ransomware.

Partner with an Experienced Cybersecurity Risk Management Provider

Malicious cyber-action from Russia is likely to continue targeting Ukraine and could extend to NATO, EU member states and the United States. Now is the time to re-evaluate your cybersecurity measures and take proactive steps to prepare for potential risks. Make cybersecurity a priority this week and focus on making any progress you can in these areas.

Contact us to learn how we can strengthen your security efforts with cybersecurity risk assessments, consulting services, security solutions and more.