Both sides in the Russia-Ukraine conflict have been targeted by hackers, either APT groups or members of largely independent groups who were pulled into the conflict, willingly or otherwise. The conflict has put the spotlight on cybersecurity, but not in the way we would have wanted.
- Hackers have taken complete control over the narrative and are being encouraged by both sides
- Cyberattacks are now being seen as a natural fallout of any conflict
- The event has also led to the emergence of new malware that is being tested in the field
- Civic infrastructure has been targeted extensively, along with select businesses, to create large-scale disruption
- A new batch of hackers is being trained and armed to widen the impact of cyberattacks
- Cyberattacks in any shape or form should ideally be discouraged. Just as there are no good wars, there are no good cyberattacks either. In the long run, hackers will move on to other targets and continue the mayhem and disruption
- The US CISA has issued an advisory telling businesses to go ‘Shields Up’ and brace for Russian cyberattacks, but this has not started any major discussion around cybersecurity among OT operators and IoT deployments
- This conflict should have underscored the importance of cyber threat intelligence, proactive risk management, tabletop exercises, and self-audits that reassess the organization's cybersecurity posture and identify and plug gaps. Not many businesses have done so, as the prevailing belief is that hackers will only go after government entities
The Ukraine-Russia conflict has taken attention away from the core issue, which is the need to address security weaknesses, and this will create a huge challenge for businesses in the long run.
What can cybersecurity planners learn from the Russia-Ukraine conflict?
- Hold regular cybersecurity briefings across teams. Treat the conflict as an ‘incident of concern’. Keep an eye on the evolving threat landscape and inform all stakeholders regularly through such briefings
- Pay more attention to the way your organization responds to geopolitical or other incidents that could have a cybersecurity fallout:
  - Does your cybersecurity team mobilize to respond?
  - What new measures have they implemented in the last 2 weeks to reduce the risks?
  - Are there sufficient levels of intra-business collaboration to address cybersecurity concerns?
  - What kind of warnings have been issued?
- Improve your threat hunting capabilities and add more cyber threat intelligence feeds
- Use such opportunities to revisit your institutional cybersecurity posture
- Stress-test your incident response capabilities
- Revisit your control systems and HMIs
- Revisit your SOC KPIs
- Build a clear line of succession so that you have enough people ready to take over if someone leaves or is unavailable
- Pay attention to all advisories
- Identify at-risk assets and resources such as intellectual property, confidential customer information, employee data, and brand credibility and plan backwards to secure them across assets and operations
For more informational content, subscribe to our weekly updates and be notified of the latest.
Try our rich OT and IoT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence
Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to sectrio.