Preparing for Collateral Damage From the Russia-Ukraine Cyberwar
It’s now been almost one month since the Russian invasion of Ukraine commenced. Since then, ceasefire negotiations have been futile. As a result, the lives and livelihoods of millions of innocent Ukrainians continue to be altered forever by the Russian military, which by many accounts has very little interest in fighting a war with its close neighbors to the west.
Presently, battles in cyberspace are being fought on many fronts in conjunction with the horrific events taking place in the physical world. While some experts argue that the “catastrophic cyberwarfare” between Russia and Ukraine has yet to begin, it is believed that Russian threat actors supported by the Kremlin have made further inroads into Ukrainian critical infrastructure. It is also widely suspected that Russia is responsible for hacking the Ukrainian government and national financial institutions.
Despite not having a military cyber unit, Ukraine’s digital defenses are so far proving formidable. Aided by allies and hacking groups “friendly” to their defense, Ukraine appears to be adequately defending its digital infrastructure from the Russian onslaught of cyberattacks. According to the AP, “U.S. Cyber Command has been assisting Ukraine since well before the invasion.”
In addition, Ukraine has formed what is being described as the world’s first “volunteer cyber army.” When announced, almost 200,000 IT specialists and hackers from around the world volunteered to help hack Russia and defend Ukraine. Also coming to Ukraine’s aid is the infamous hacking group Anonymous. The clandestine group has been hammering Russian websites with cyberattacks intended to debunk misinformation and take government websites offline.
The unintended consequences of cyberwar
Some believe that the Russia-Ukraine cyberwar will far outlast the physical battle (let’s pray that both end very soon). That’s certainly realistic from a misinformation and disinformation standpoint, but is otherwise just speculation.
A prolonged cyberwar could have devastating consequences for organizations far beyond Eastern Europe. For example, many in US threat intelligence, like former Cybersecurity and Infrastructure Security Agency (CISA) director Chris Krebs, believe that the recently enacted sanctions will lead to a spike in ransomware targeting American organizations.
Ransomware is already a major problem in the United States. In 2021, the average amount of reported ransomware transactions per month was $102.3 million, according to the US Treasury. Even some of the most prepared enterprises struggle to prevent ransomware attacks.
Other forms of cyber extortion, such as Distributed Denial of Service (DDoS) attacks, are also likely to target businesses and institutions deemed allies of Ukraine. At the same time, Russian nationalist profiteers are likely to increase their financial demands to unprecedented amounts. This will make negotiations incredibly difficult.
We can with some accuracy quantify the tangible costs of ransomware and DDoS attacks resulting from the Russia-Ukraine war. But it will be nearly impossible to project an accurate assessment of the collateral damage that will occur.
That’s because most organizations will not be direct cyber targets of the Russian nation-state. Instead, the vast majority will experience reverberating consequences that trickle down from one organization to the next. Examples include production and shipping delays, continued inflation and supply chain disruption, leaked private communications, and lateral attacks, among others.
Double down on enterprise security best practices
CISOs do heroic work investing in their teams and technology to protect their organization from cyberattack. Unfortunately, there is no solution to prevent “collateral damage.” If there was, I’d build it.
During this time of unprecedented cyberwar, the best way to minimize collateral damage is to double down on enterprise security best practices. This includes:
- Protecting the endpoints – Ensure that advanced endpoint detection and response (EDR) is properly installed and configured across every corporate-owned device. Task a teammate to run an inventory check to make sure no endpoint slips through the cracks.
- Only allowing access to corporate resources through MFA – Mandate the use of multi-factor authentication wherever available and without exception. Invest in a password management solution if you don’t already have one.
- Bolstering patch management – Just last week, CISA added 95 new vulnerabilities to its catalog. Work with your team to prioritize a patching schedule so that vulnerabilities are minimized.
- Reinforcing anti-phishing – Now is the time to consider increasing the frequency and complexity of your phishing awareness training and simulations, and investments in anti-phishing technology. More than 90% of all cyberattacks continue to begin with a malicious email, and those without a malicious payload are getting more and more difficult to detect.
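The endpoint inventory check and the patch prioritization described in the list above can be combined into one report. The following is an added example, not part of the original article: the hosts, products and CVE ids are constructed placeholders, and the entry field names (cveID, vendorProject, product, dueDate) follow the JSON published for CISA's Known Exploited Vulnerabilities catalog.

```python
from datetime import date

# Constructed sample data. CVE ids are placeholders, not real catalog entries.
KEV_ENTRIES = [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVPN",
     "product": "Gateway", "dueDate": "2022-04-05"},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleOS",
     "product": "Desktop", "dueDate": "2022-03-24"},
    {"cveID": "CVE-0000-0003", "vendorProject": "ExampleMail",
     "product": "Server", "dueDate": "2022-04-15"},
]
INVENTORY = [
    {"host": "lt-001", "edr": True, "software": [("ExampleOS", "Desktop")]},
    {"host": "lt-002", "edr": False, "software": [("exampleos", "desktop")]},
    {"host": "vpn-01", "edr": True, "software": [("ExampleVPN", "Gateway")]},
    {"host": "kiosk-7", "edr": False, "software": []},
]

def edr_gaps(inventory):
    """Hosts in the asset inventory with no EDR agent reporting."""
    return sorted(h["host"] for h in inventory if not h["edr"])

def patch_schedule(kev, inventory, today):
    """Catalog entries that affect inventoried hosts, most urgent first."""
    gaps = set(edr_gaps(inventory))
    rows = []
    for entry in kev:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        hosts = sorted(
            h["host"] for h in inventory
            if any((v.lower(), p.lower()) == key for v, p in h["software"])
        )
        if not hosts:
            continue  # product not deployed here, nothing to schedule
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "cve": entry["cveID"],
            "days_left": (due - today).days,  # negative means overdue
            "hosts": hosts,
            "no_edr": [h for h in hosts if h in gaps],
        })
    # Earliest due date first; ties go to the entry exposing more unmonitored hosts.
    rows.sort(key=lambda r: (r["days_left"], -len(r["no_edr"])))
    return rows

if __name__ == "__main__":
    print("Endpoints without EDR:", edr_gaps(INVENTORY))
    for row in patch_schedule(KEV_ENTRIES, INVENTORY, date(2022, 3, 25)):
        print(row)
```

Hosts that appear in both the EDR gap list and a schedule row are the ones to handle first, since they are exposed to a known-exploited vulnerability and unmonitored.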
Digital executive protection’s role in reducing risks from cyberwar
Ensuring that your company leaders are protected in their personal digital lives is a fifth best practice to consider. As China recently showed the world by hacking the personal emails of US government officials, there is no separation in cyberwar between one’s work and personal lives. Hacking executives to move laterally into the organizations that they lead is now a mainstream threat.
CISOs are limited in their ability to protect personal digital lives for a variety of reasons. Fortunately, that’s exactly what BlackCloak was created to do. BlackCloak extends enterprise security beyond the perimeter, empowering executives to take control of their online privacy and cybersecurity while simultaneously reducing risk to the enterprise.
It is my sincere hope that this needless war comes to an end with haste. The loss of life and property is as heartbreaking as it is irreversible. It is also my hope that the cyberwar can de-escalate without further impact on an international scale.
As former President Theodore Roosevelt once said, “It is not the critic who counts; not the man [and woman] who points out how the strong man stumbles…the credit belongs to the men [and women] who are actually in the arena; whose face is marred by dust and sweat and blood.”
To those men & women “in the arena” of this war, please do everything that you can to bring peace and prosperity back to Eastern Europe as quickly as possible.