Russia-Ukraine Cybersecurity Risks

As Russia launches a full-scale invasion of Ukraine, businesses around the world need to prepare now.

Russian forces have unleashed an attack of Ukraine on the orders of Vladimir Putin, an escalation of the Russo-Ukrainian War that began in 2014. And while the scope of the Russian attack appears to be massive, with news clips featuring Russian airstrikes and shelling, less visible are Russia’s formidable cyber forces.

Ukrainian government websites and networks were hit with a series of data-wiping attacks and were also accompanied by a series of distributed denial of service (DDoS) attacks. Details about the attack are still being collected, the attack is still going on, and western critical infrastructure could also be targeted.

The Russian government understands that disabling or destroying critical infrastructure augments pressure on a country’s government, military and population.

Critical Infrastructure Sectors

What You Can Do to Protect Your Organization

Dataprise recommends all organizations adopt a heightened posture, especially those in a critical infrastructure sector, when it comes to cybersecurity and protecting their most critical assets.

Be Proactive

• Review emergency communication protocols, such as phone trees and current contact information.
• Assure your Incident Response Plans are up to date and fit the context of potential threats.
• Share your organization’s concern with staff and prioritize heightened security in email in particularly.
• Consider adding anti-phishing awareness training immediately or, if you have it, increase difficulty to harden security posture.

Prevent Cyber Attacks

• Require multi-factor authentication (MFA) for all remote access to your organization’s network and privileged files.
• Ensure that software stays up to date, especially those updates that address known vulnerabilities.
• Disable all ports and protocols that aren’t essential for your business.
• Implement strong controls for your cloud services.
• Work with your IT personnel, or a trusted partner like Dataprise, to improve your organization’s cyber hygiene and conduct vulnerability scanning.

Quickly Detect an Intrusion

• Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. [Access Dataprise’s Security Intrusion Tabletop Exercise]
• Protect the organization’s network with antivirus/antimalware software.
• If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.

Respond with Confidence

• Designate a crisis-response team with main points of contact for a suspected cybersecurity incident.
• Make sure key personnel are available in case of an emergency; identify means to provide surge support for responding to an incident.
• Perform a tabletop exercise to ensure that all participants understand their roles during an incident. [Access Dataprise’s Free Ransomware Checklist and Tabletop Exercise]

Bounce Back after an Incident

• Test your backup procedures to ensure that critical data can be rapidly restored after ransomware or a destructive cyberattack. Ensure backups are isolated from network connections. [Access Dataprise’s Free BCDR Tabletop Exercise]
• If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience.

Dataprise Managed Cybersecurity can also offer additional help; it expertly combines world-class managed detection and response with a complete cybersecurity program to increase visibility, shut down bad actors quickly and dramatically improve your total security posture.