Russia’s invasion of Ukraine has altered the emerging risk landscape, requiring IT and business leaders to strengthen their cybersecurity defences without delay, analysts warn.
Omer Dembinsky, Data Group Manager at Check Point Software Technologies, said that, with a history of previous international attacks, one must keep one's eyes open for advanced persistent threats (APTs), malware, ransomware, distributed denial-of-service (DDoS), network attacks, and more.
Check Point Research (CPR), which has been tracking the attack scenario throughout the Russia-Ukraine war, reported that in the first three days of combat, cyber attacks on Ukraine’s government and military sector increased by a staggering 196 per cent. Since then, cyber attacks on Ukraine’s government and military sector have decreased, dropping 50 per cent in the last 7 days.
The researchers suspect that hackers have shifted towards taking advantage of other governments focused on the conflict. However, cyber attacks on all industries in Ukraine and Russia, not just the government/military sector, have increased to the highest point since the beginning of the conflict and of 2022.
In Ukraine, CPR observed a 20 per cent increase in overall cyber attacks on all industries since the beginning of the conflict. The implication is seen globally: in Europe, the average weekly attacks per organisation last week stood at 1,068, 14 per cent higher than before the beginning of the conflict and 15 per cent higher than the first two weeks of the conflict. In North America, the average weekly attacks per organisation last week stood at 991, 17 per cent higher than before the beginning of the conflict and 15 per cent higher than the first two weeks of the conflict.
In APAC, the average weekly attacks per organisation last week stood at 1,718, 11 per cent higher than before the beginning of the conflict and 13 per cent higher than the first two weeks of the conflict.
“Russia’s invasion of Ukraine has increased the risk velocity,” said Matt Shinkman, vice president with the Gartner Risk and Audit Practice, in a statement.
IT leaders globally should reassess their organisational risk models; they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now, he stated.
Shinkman said, “It’s more critical than ever for ERM leaders to lead the business in clearly defining their high-value assets and have a response plan in place so that triage and decision-making are not made on the fly during an attack.”
Pranjali Mujumdar, Disruptive Tech Analyst at GlobalData, believes cyber threats such as destructive malware can be a direct threat to a company’s daily operations, posing a risk to key assets and data.
“Every company, regardless of size, must act quickly to secure its information technology infrastructure. A robust cybersecurity infrastructure will help companies to identify and thwart cyberattacks, as well as remain secure throughout the security lifecycle,” he said.
Analysts also observe that organisations are collaborating with cybersecurity providers to boost the security of their infrastructure and deliver better security services to their customers.
For example, Google has recently agreed to acquire cybersecurity company Mandiant for approximately $5.4 billion. Mandiant, best known for identifying the infamous SolarWinds hack, will be merged into Google Cloud as the company aims to bolster its cybersecurity solutions in the face of rising cyber threats.
Fortinet, a provider of enterprise-level next-generation firewalls and network security solutions, is actively collaborating across a global network of NGO, industry, and public sector organisations to secure people, devices, and data everywhere through partnerships with the Cyber Threat Alliance and the Joint Cyber Defense Collaborative (JCDC) convened by the US Cybersecurity and Infrastructure Security Agency (CISA).
“Companies must also invest more in information security, with risk management teams aiming for a fine balance of technology, people, and processes to manage risk. Both Russia and Ukraine have a high level of expertise in information technology and computer hacking, thus, cyberwarfare can not only target big companies or government organisations; any small business involved in the public sector’s supply chain will also be vulnerable,” Mujumdar said.
At a fundamental level, researchers have outlined some best practices for cybersecurity preparations:
1. Patch Internet-Facing and Business Critical Software: IT leaders need to patch all software and all vulnerabilities, even the old ones.
2. Prepare for Ransomware and Data Destruction: Test your backups and validate your recovery and continuity plans; in other words, every component of your systems.
3. Be Prepared to Respond Quickly: Have a strong communication system in place and reinforce how information for teams, customers, and employees will be shared in the event of a crisis.
4. Lock your wireless network: You need to lock down your wireless LANs to prevent unauthorised access and keep your data safe.
On the whole, analysts noted that malicious state-sponsored cyber-activities have historically escalated when geopolitical tensions are high. Concerns about increased cyber activity amidst the Russia-Ukraine crisis serve as a stark reminder of the importance of identifying the threat model and altering risk management objectives accordingly.