The War On Ukraine. What's the Cyber threat to our businesses?
We have all been shocked by developments in Ukraine in the last few days. Our thoughts and prayers are with the people caught up in the midst of this.
However, it would be remiss of us not to consider what impact the fallout has on our organisations. One of the potential impacts will come from cyber attacks against Western businesses, and this is the one that has taken up most of my thinking in the last couple of days. Having taken the time to review the situation with peer organisations and cyber security experts over the weekend, we have this advice and information for you:
What To Do Right Now
The first question to consider is: how has your risk changed in light of recent events?
If Russia uses cyber warfare against the West, it is most likely to be in 4 forms:
1. Attacks against Critical Infrastructure, e.g. banks and energy companies. Are you one of those, or in the supply chain to one of those? If so, then your risk might have changed significantly. Most people in this category will have identified measures to put in place for a time like this. If not, you should review this heightened risk against other business priorities and decide if you need to change your immediate plans to accommodate responding to these events.
2. Overspill events. For "regular" businesses with no specific threat, it is possible that there will be deliberate or inadvertent overspill of activity which will impact them. This has happened before, when Russia launched a cyber attack on Ukraine in 2017 which had major global impact. Any of us could be impacted by this.
3. General disruption to Western businesses. Russia has been known in the past to "sponsor" cyber criminals in its sphere of influence to increase their activities. The aim of this is simply to cause disruption to Western economies. Any of us could be impacted by this.
I should say at this point that we also don't know everything that could happen. It is possible, depending on how this goes, that Russia has techniques we haven't seen before, or uses old techniques in new ways. You might see headlines in this area. However, we simply don't know and therefore can't usefully plan around that.
Right now, we are seeing evidence of a 10x increase in "probing" of systems coming from both Russia and China (we can't explain China's involvement) but
Which category do you fall into? What actions can you take?
For "regular" businesses, we suggest the below actions:
What To Do In The Short Term
Assuming you are a "regular" business in the above definition:
1. Be realistic - you haven't got time to do too much and resources in this area are in high demand. Hopefully you have already worked on the bulk of what you needed to have in place (e.g. following Cyber Essentials controls or similar).
2. However, you can usefully use these events as an impetus to push through some actions that are on your list but have fallen below other priorities. These will be different depending on your position, but might include things like setting up a password manager so you aren't reusing passwords, setting up Multifactor Authentication, or running a tabletop "fire drill" on your response plans.
3. Also, ask your team to be extra vigilant. Let them know the organisation is at heightened risk and why, and that they should be suspicious of:
○ Emails asking you to click a link or open an attachment or make a payment. Make sure you verify who sent it before clicking or opening.
○ Pop-up messages on your computer you haven't seen before - don't just dismiss them, stop and check what they are.
○ Phone calls asking for information - verify the caller, if in doubt call them back on the number you have saved for them.
○ Visitors turning up for site access
4. Check that your backups are running and being tested, and check the date of the last test restore and its results.
You are not going to be able to get much more than this done in a short space of time. But make sure you have Cyber Cover, or are in discussion with your Insurance Broker about it.
What To Do In The Longer Term
As you sit contemplating these events, do you wish your organisation was in a better place regarding cyber security? If no, you can stop reading now and get back to work.
If yes, here is some high-level guidance:
1. If you don't have Cyber Essentials in place, add this to your next board meeting. The clue is in the name - it is Essential. It addresses around 80% of the risk you are exposed to from cyber attacks. I don't think there are any businesses where it makes sense to accept the risks of not doing this versus the costs of doing it.
2. Treat Cyber Security as a journey. Most of us are right at the start of this journey. Until recently it wasn't a significant problem for our businesses. It is now, and will get worse before it gets better.
3. Put some time aside to create a rhythm in your organisation to move your journey forwards.
a. You need a map, on which you can mark where you are and where you want to get to.
b. You will likely need a guide to help you navigate an efficient path. For most SMEs, your IT people are the best place to start. They should be able to help you understand the roles, people and processes you need to have in place, and the metrics you can use to measure success.
c. To judge if you are on track: you should end up with a regular meeting with your guide to discuss this, which leads to recommendations being taken to your board or senior leadership for decisions. Those decisions are then added to a roadmap and you will start to see progress being made.
Do start now. If you already feel you are behind, then you need to get moving.
If you want to discuss anything around this, then please reach out.