Over the past six months, organizations in Ukraine have faced threats including massive DDoS (Distributed Denial-of-Service) attacks, increased malware activity, targeted and persistent phishing attacks, disinformation campaigns and attacks on cyber-physical systems.
Paul Proctor, Distinguished Vice President Analyst at Gartner, states that cyber threats are likely to last at least as long as the physical conflict.
“The ‘fog of war’ can challenge situational awareness, and panic increases the risk of mistakes and creates an advantageous situation for bad actors. While the impact of individual attacks will vary, the broader impact of an increased threat environment will be felt by organizations worldwide.”
Proctor said it’s important to remember that cyber warfare doesn’t have geographical boundaries like physical conflict does.
“For example, at least three energy companies in Germany have been the target of cyberattacks since the invasion began. We have also seen cyber actors in other regions, such as China, taking advantage of the situation to spread threats, as well as the involvement of non-state actors, such as the Anonymous hacking group, which launched an offensive against the pro-Russian Conti ransomware gang,” he explained.
preparation for the future
The Russian invasion of Ukraine is the latest crisis that proves corporate security and risk cannot be managed in a vacuum by the CISO and his team, Proctor said.
“Crises represent an added premium for risk-based decision-making, and management needs to be involved at all levels. Leaders who make defensible, risk-aware decisions are more likely to steer their organizations resiliently, from response to recovery,” he explained.
“Geopolitics and cybersecurity are inextricably linked. Therefore, as a security leader, you need to look at the global threat landscape from a business perspective. Every business decision made in this environment has security implications and vice versa.”
Proctor said executives should consider how current events impact companies’ risk levels.
“What is the company’s appetite for this risk, and is it changing in the context of these events? Modern enterprise security leaders cannot just focus on vulnerabilities or security technologies.
“Rather, they must lead the organization to make informed decisions about its cyber risk exposure, and understanding the security implications of global events is a key component of this new role,” he concluded.