Even before Russia invaded Ukraine in February, cyber-security experts were already discussing the risks of cyber warfare and the need for increased protective measures. Some of the largest cyber attacks in recent years have ultimately been attributed to Russian threat actors (consider the SolarWinds breach), and the United States has been on high alert for signs of escalation.
An article published in the Harvard Business Review a few days prior to the invasion points out the potential dangers as the world navigates how to respond to the conflict: "Conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced. Invasion by Russia would lead to the most comprehensive and dramatic sanctions.… Russia will not stand by, but will instead respond asymmetrically using its considerable cyber capability."1
The United States has indeed imposed sanctions, further contributing to the need to assess security postures and protect against potential acts of cyber warfare. Threats against critical infrastructure and ransomware attacks are especially concerning.
Facing the Threat of Cyber Attack
The United States has been making strides in improving its security posture, from the Executive Order on Improving the Nation's Cybersecurity2 to the US Department of Homeland Security's establishment of the Cyber Safety Review Board.3 These developments underscore the national efforts to combat cyber threats, to prioritize cooperation between the public and private sectors, and to investigate and share lessons learned.
The Cybersecurity and Infrastructure Security Agency also released an alert in February 2022 providing information and guidance regarding Russian state-sponsored threat actors that had accessed sensitive US defense information and technology.4 Though the events of recent weeks have certainly made worsening cyber attacks a strong possibility, these threats are not unexpected. As we continue to wait and see how events will unfold, it is advisable to ensure that best practices are being followed and that preparations have been made to account for the added risk.
Typical practices involving patch management, multifactor authentication, protective technologies, strong backup policies, password updating, and education against phishing attacks all continue to be key defenses.5 However, it is equally critical to ensure that there are no gaps between what is documented as policy and what is actually implemented. The best written policies are useless if they are not established within the culture.
This also goes for relationships that exist outside of an organization—regularly review all third-party vendor contracts to develop an understanding of where your data is and who can access it. It is wise to stay up to date with government advisories and recommendations, too. As the situation in Ukraine evolves, leadership and management should take new developments and directions into account when making cyber-security decisions.
In addition to proactive strategies, incident response and business continuity plans should be assessed and updated as needed. Given the changes that most organizations have undergone in the past 2 years due to COVID-19, be sure to consider the role that remote work and cloud environments may play within your organization. Identifying gaps in your organization's approach is best done sooner rather than later, as ideally, response plans should be easy to communicate and follow prior to a cyber event occurring.
Cyber Insurance May Not Cover War Risks
War exclusion language is commonly found in cyber-insurance policies. Due to past ambiguities in underwriting language, "insurers started to clarify cyber policy language further in 2019 for 'silent cyber' coverage, where the policy does not explicitly include or exclude cyber risk within a policy. Firms have addressed silent cyber issues by adopting language that specifically excludes or affirms coverage, or by adopting coverage sublimits, which reduces the benefits of the policies."6
Many organizations that look to cyber insurance as a primary mitigation strategy may be in for a rude awakening when their policy does not provide the coverage they were expecting. Now is the time to review your coverage, ask any questions you may have, and use this information to shape your cyber-security approach.
Implementing best practices and securing yourself against possible cyber threats are always important; however, the Russian invasion of Ukraine adds a new dimension and urgency to assessing your organization's ability to prevent and respond to cyber attacks. Staying apprised of current events and mitigation recommendations is a crucial step, as is reviewing existing documentation, policies, procedures, and practices.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.