Cyber considerations from the Russia-Ukraine war

March 2022

The Russian government’s invasion of Ukraine has elevated concerns for cyber security incidents and the resilience of critical business functions. While there is significant uncertainty around the Russia-Ukraine war and associated actions, there are some things we all should consider as we evaluate our level of cyber security preparedness.

Resilience and continuity

Businesses should assess their readiness for cyber incidents and ability to recover from a cyber-attack. Reviews of response plans should be conducted to understand exposures to current threats.

What to do

1. Review the threat landscape.
2. Understand incident response and resilience planning.
3. Refresh security incident response plans, and have a specific ransomware incident response plan.
4. Identify a short list of critical dependencies that may be impacted by current events and conduct an analysis of risks.
5. Consider running a table-top exercise (if one has not been performed in the last six months).

Partner and vendor risks

Businesses have become far more reliant on third parties providing critical systems, services, data, and support. It is vital to understand the security and resilience of all partners across critical areas.

What to do

1. Identify dependencies on vendors/ partners from Ukraine, Russia, and neighboring countries, and build a contingency plan.
2. Monitor network traffic, as cybercrime is expected to get more sophisticated.
3. Understand the incident response and resilience planning.
4. Understand the cascading effect of an incident in your supply chain and determine weak links.

Cyber security monitoring and incident response

It is widely expected that there will be a marked increase in activity against Ukrainian targets, their allies, and supporters. Businesses should be on heightened alert for these attacks, especially those considered part of critical infrastructure, including Oil, Energy, and Financial Services firms.

What to do

1. Understand the cyber security monitoring capabilities across your network.
2. Better understand risks by working with cyber security intelligence partners.
3. Engage with cyber security vendors for managed detection and response services.
4. Seek indicators of compromise based on known Russian bad actor tactics, techniques, and procedures.
5. Secure a cyber security incident response firm and make sure contracts are up to date.
6. Review regulatory reporting requirements.
7. Consider proactive discussions with law enforcement / government agencies. 

Workforce support

To alleviate resourcing challenges, organizations are considering or have already added surge support capabilities to manage business-as-usual security functions, triaging an increased volume of security alerts, and/or execution of project portfolios. 

What to look for

• Extended staff shortages.
  
• Regions impacted by current events.

Summary

The Russia-Ukraine war is driving increased concerns for cyber security incidents and the resilience of critical business functions and services. While the current climate is unpredictable, there are things we can do to better understand our readiness, capabilities, and requirements to help reduce the impacts and shorten the durations of incidents when they occur.