UNIBA Partners, a Centuro Global member, discusses the ongoing cyber risks and attacks companies have been facing since Russia invaded Ukraine.
Russian government entities, state-owned companies, and foreign businesses operating in Russia have been facing a growing number of cyberattacks attributed to Russia’s full-scale invasion of Ukraine. Rostelecom-Solar, the cybersecurity arm of telecoms company Rostelecom, said it had been witnessing increased activity on hacker forums since the invasion, according to Reuters.
Alexandra Bretschneider, Vice President and Cyber Practice Leader at Johnson, Kendall & Johnson, Inc., who also heads UNIBA Partners' Cyber Center of Excellence, provided some context on the current cyber environment and shared how she sees the pressure “hacktivists” are putting on companies.
What is the current context?
The Russia-Ukraine conflict has certainly raised cybersecurity concerns at an international level. On one hand, there are the ongoing attacks aimed at Ukrainian infrastructure (including communication services) perpetrated by Russian attackers, as well as Russian attackers setting their sights on any foreign states that have interjected in the crisis in any capacity – such as the United States and other NATO countries issuing various sanctions against Russia.
As a result, retaliation attacks are transpiring, with Ukrainian and other international actors (some representing specific foreign states, others cyber vigilantes) perpetrating attacks on military, media, and infrastructure targets within Russia.
The attacks from both sides have taken the form of DDoS (distributed denial of service) attacks against banking and defence websites, wiper attacks designed to wipe the data of their targets, media attacks aimed at posting threatening messages on websites or streaming services, or system and email compromises aimed at gaining military insight.
Then we have instances of “hacktivists” on either side perpetrating attacks from decentralized groups or individuals against shared targets. Typically, these are still aimed at various infrastructure, government, and media entities. However, we are also seeing them target other businesses based on their involvement and position – or lack thereof – in the conflict.
For example, Anonymous has allegedly claimed responsibility for leaking data from a breach of Nestle’s network in retaliation for Nestle’s refusal to stop conducting business in Russia, despite requests directly from Ukraine. Nestle has since come out denying that Anonymous leaked the data and indicated it was from an earlier breach caused internally on their part in the month prior.
Nestle was just one of several companies that found themselves on a list of businesses serving Russia that are under threat by Anonymous to cease operations in the country or suffer the consequences of cyber-attacks. Therefore, businesses in general who have a stake in this conflict, whether by doing business in those countries or refusing to, may find themselves as a collateral target.
Although cyber-attacks, and particularly ransomware, have caught the attention of governments internationally – calling for more action, regulations, and sharing of information to address the ever-growing problem – the reality is that this is a dynamic risk facing people and businesses today that is growing in complexity over time.
After the number of successful cyber-attacks appeared to be finally trending downward in the tail-end of 2021 and heading into early 2022, we are back to seeing an increasing frequency and severity of attacks (such as Toyota and Bridgestone) that could be related to the increasing tensions from the Russia-Ukraine conflict.
Whether it is a nation-state actor or hacktivist, we are all at risk of being a target, although certainly some organizations more so than others.
Managing Cyber Risks
Managing cyber risk requires intentional and thoughtful solutions and strategies. Good cybersecurity hygiene is critical. For example, secure access to your network, systems, and data via sound access control processes and password requirements incorporating multi-factor authentication (MFA).
MFA should be considered not just in the areas where it is now virtually required to be insurable (email access, remote access, and administrator accounts), but also at the application level, beginning with systems that are more critical to operations.
What can organizations do to manage cyber risks?
1. Organizations must spend more time on the cyber incident response piece of their broader business continuity/disaster recovery planning. This includes considering the impact of an attack on a vendor or customer within your supply chain (including your IT vendors), beyond just an attack on your own business.
2. Timely patching of systems remains critical with the number of zero-day exploit incidents doubling year over year from 2021 to 2020. Organizations may want to consider geofencing (restricting IP address access) and other DDoS prevention methods and deploying other more advanced technical solutions such as NextGen Antivirus software, Endpoint Detection & Response, etc.
3. Additionally, have sound backup & recovery procedures in place, including segregated and secured backups that are frequently tested. We need to continue to communicate to our employees the importance of cybersecurity awareness, and to create safe channels to communicate suspected or potential issues.
In conclusion, cyber insurance remains a valuable tool in transferring the costs associated with cyber risk. In light of the Russia-Ukraine conflict, much consideration should be given to war exclusions on policies, and cyberterrorism carve-backs.
Understanding coverage and how to utilize it remains a key aspect of the successful cyber resilience of organizations. We all need to put in the work to effectively manage this complex and evolving challenge.