The world, like Ukranians themselves, awoke to the sounds of war on February 24, 2022. While we await resolution, and join people worldwide in hoping for a peaceful outcome, we must also recognize the effects the invasion may have on cybersecurity and risk management in companies near and far. Whether companies recognize it yet, the war may be coming to their desktops without warning.
We’re not alone in believing this. Derek Vadala, chief risk officer of our partner Bitsight, was quoted in a Fortune article on the possible repercussions of the war by saying, “I think the risk right now is high and rising.”
The article goes on to note the vast history of cyberattacks and bad actors coming out of Russia. Recent attacks in Ukraine targeted government and financial institutions via denial of service (DoS) attacks on their websites.
Unfortunately, these attacks are not limited by geography. The FBI began warning US companies of the possibility of impending cyber attacks and use of ransomware this week. A CNN article quoted analysts at S&P Global Ratings as saying:
“A heightened risk of cyberattacks on Ukraine… could create knock-on effects for corporations, governments, and other parties in the region and beyond.”
In other words, the history is there, the current situation is unfolding, and all of this is very possible at businesses worldwide.
What you can do
Cyberattacks, like data breaches or data leaks, happen all of the time. These events can feel random, but often occur in a company’s digital supply chain: its network of third party vendors and suppliers. A company may not think it has a direct connection with Ukraine, for instance, but every employee, piece of software, server, and potential customer creates an opportunity for risk.
Some events take companies by surprise —we’ve written about zero day events such as the 2021 log4j incident in the past, and specifically how our partnership with BitSight can help prevent and mitigate them. Likewise, we’ve written about many digital attacks: from SolarWinds to Kaseya. These pieces strive to offer lessons learned more than simply rehash the salacious details of the attacks themselves.
We’ve also held multiple webinars, featuring speakers from GuidePoint Security and SpyCloud. One, “Stolen Credentials: A Conduit for Ransomware in the Supply Chain,” is a brief overview of the threats companies face and the solutions they can embark on to limit risk.
Finally, along with our partners at BitSight, we released research on ransomware in specific industries, from Technology to Manufacturing. You can browse and download them for free here.
For those companies who recognize the risk we’re all facing and are ready to secure their companies and their supply chains, we’re ready to talk.
With a brief phone call, we can quickly assess your needs and begin implementing a risk management strategy that can keep you safe as well as boost your business.
We all want the hostilities in Ukraine to come to an end quickly. In the meantime, this is a necessary reminder that our digital workspaces are always open to risk. Let us help you minimize that risk today.
Don’t let zero days be “wake up calls.”
Unpredictable vulnerabilities will be an ongoing concern for security teams inthe foreseeable future.
In this guide you will learn the fundamentals of zero days, patterns from our statistical analysis, and tips to reduce risk and remediate zero days if/when they happen.
