SpartanTec, Inc. Fayetteville: Cybersecurity Risks from an Escalating Russia

Tension is rising between Russia, Ukraine, and the US. Is your company’s cybersecurity at risk? Here are a few things you need to know.

News networks and social media are showing clips of Russian military forces exercising and training to fight as they warn of an imminent Russian attack against Ukraine.

Russia’s cyber-forces are less visible and could be poised to launch a new wave cyberattacks against western energy, finance and communications infrastructure. Regardless when an invasion happens, tensions will continue to rise and the cyber threat will not diminish.

Cybersecurity Risks

The consequences of the conflict in Ukraine for business — cyber, conventional, and hybrid — will have a profound impact on businesses far beyond the borders of the region. Have you evaluated whether your business is at risk? Many small businesses think they will not be affected – think again.

You are likely too late if you’re just starting to evaluate your cyber defenses. Cyber defense requires a long-term strategic investment and not just a quick fix.

The cyberthreat posed by the conflict in Ukraine is perhaps the greatest ever for U.S. companies. Russia’s invasion would result in the harshest and most severe sanctions ever imposed against it. Russia views these measures as economic warfare. Russia will not be silent, but will respond asymmetrically with its vast cyber capabilities.

Recent warning from the U.S. Cybersecurity and Infrastructure Security Agency was issued by the CISA about the possibility of Russian cyberattacks spreading to U.S. networks. This follows previous CISA warnings regarding the dangers posed Russian cyberattacks on U.S. critical infrastructure.

Cyber skirmishing is already in its infancy. In Ukraine, banks and government systems were attacked within the last week. U.S. companies are noticing a sharp increase in cyber probing.

Dragos CEO Rob Lee told us that “we have observed threat groups that were attributed to Russia by U.S. government agencies performing reconnaissance on U.S. industrial infrastructure, such as key electric and natural gas stations, in the recent months.

We were informed by several multinational security and intelligence departments that they anticipate Russian cyberattacks. They also assess the possibility of second- and third-order impacts on their operations.” Companies have indicated that they anticipate an increase in scams and attacks in the context of the Ukraine crisis. Risk assessments are usually dependent on whether the company has any direct links to the Ukrainian banks or other critical infrastructure.

If it’s too late to increase your cyber defense, as conflict seems imminent, then what can leaders do other than throw their arms up?

First, a cyber- or IT problem can quickly become a business problem. Firms should immediately begin to draw out, dust off, and exercise business continuity plans.

What does it look like to work in an analog world or pencil-and-paper for days, weeks or months? In a matter of seconds, 30,000 laptops belonging to Saudi Aramco were made into paperweights by hackers. Grab your pen knife, and take a look at the crisis response paint. Ask “If my IT systems fail, how will I track my inventory, manage accounts, and communicate with my organization?”

Second, examine carefully your supply chain. Hidden dependence on Ukrainian-based code writers or software engineers could pose a risk to your firm.

According to the Ministry of Foreign Affairs of Ukraine, more than 100 Fortune 500 companies worldwide rely at minimum partially on Ukrainian IT services. Several Ukrainian IT firms are among the top 100 global outsourcing options for IT services.

Third, connecting to vendors and peer networks can greatly increase your chances of detecting and mitigating cyber intruders. Your teams should be empowered to reach out and assist cyber and intelligence teams from peer companies and federal and local partners who are closely monitoring the same threats.

Make sure your teams are aware of their local CISA representatives and FBI field offices. Also, ensure that they are on their mailing list to keep up with alerts and warnings. To increase awareness and build a collective defense, share anomalous and malicious cyber activity with local and federal partners.

Fourth, instill security mindset among your employees. Enabling multifactor authentication, which makes you 99 percent less likely to be hacked, patching old vulnerabilities, making passwords strong and remembering that phishing remains the most common attack vector for sophisticated adversaries, all of these things can help to improve overall security.

Cybersecurity is closely linked to overall business security. Cyber threats are often a problem for corporate leaders. However, IT security must be considered alongside geopolitical risk assessments.

It is important that teams working on cybersecurity, geopolitical risks, and physical security work together, and not in silos. One case involved a corporate intelligence manager who said that he had done a joint assessment of Russia-Ukraine with his cyber intelligence team — it was the first time they had ever worked together in this way. This case highlighted the importance of pre-existing relationships, and it prompted new levels in cooperation.

It may not be possible to build relationships during crisis. It is better to establish communication and cooperate before disaster strikes.

Corporate resilience, disaster recovery, and business continuity plans are crucial in times of crisis. These require all company attention and solutions.