Russia’s unprovoked attack on the Ukraine has not been restricted to land. Ukrainian tech resources have been hit by cyber-attacks, particularly against its government and banking systems in a coordinated effort by Russia’s military intelligence unit.[1] Several websites of Ukrainian government departments and banks were hit with distributed denial of service attacks (DDoS), which is a form of attack where threat actors overwhelm a website with traffic until it crashes. While the conflict has not yet spread to western countries, U.S. businesses may still feel the impact due to their reliance on Ukrainian IT services and from potential retaliatory attacks from Russia due to significant U.S. sanctions.
Though not having a physical presence in the Ukraine, many U.S. companies use outsourced Ukrainian IT services. According to the Ukraine’s Ministry of Foreign Affairs, 1 in 5 Fortune 500 companies rely on the Ukraine’s IT outsourcing sector.[2] Ukraine’s tech workers support banking, insurance, and financial operation services around the world. To mitigate potential impacts, software and technology providers are working to move services and workers elsewhere. For example, SAP SE has closed its office in Kyiv and website development platform Wix.com Ltd. moved its workers to Poland and Turkey last week.[3] However, technology resources such as code, designs, and documentation may still be vulnerable.
The Department of Homeland security has yet not advised of any specific or credible threats to the U.S. homeland, but the Cybersecurity & Infrastructure Security Agency (CISA) published a “Shields Up” memo advising U.S. businesses to prepare to respond to disruptive cyber activity.[4] Though Russia’s cyber attack efforts have primarily targeted the Ukrainian government and critical infrastructure, growing support for Ukraine in the US and other NATO countries increases the likelihood of Russian cyber-attacks against businesses, governments, and critical infrastructure of those allies. Attacks are also a possibility as a retaliation for the heavy sanctions being levied against Russia by the U.S., with direct targets being critical infrastructure.
All businesses, large and small, should remain vigilant during this time of heighted risk and vulnerability. As part of its support of U.S. businesses, CISA has compiled a catalog of free cybersecurity services and tools, which include very helpful resources and up to date information about the latest attack and defense strategies. Certain additional steps recommended by CISA and industry leaders can help shore up vulnerabilities and lower the risk of a cyber incident, as well as renew the commitment as a business to maintaining a strong cybersecurity program. These steps include but are not limited to:
- Hope for the best, plan for the worst. It is near certain that all U.S. businesses will be the victim of an attempted cyber-attack at some point (whether that be from Russia or other threat actors); what is in question is the level of success. Businesses should check with their cloud providers to ensure all protections are enabled, even if there is increased cost. Ensure that data is being regularly backed up to minimize business interruption from an encryption event or if data is wiped. If it has been a while since you have updated your cyber incident response plan, review the plan to ensure it is up to date and conduct tabletop exercises to run through how a cyber event will be handled.
- Take proactive steps to reduce the likelihood of a cyber event. Review policies regarding remote access, authentication requirements, and secure controls to ensure they are up to date and consistent with best practices. Ensure that all software is updated to the latest version, and that IT has disabled ports and protocols that are not essential for a business purpose. Particularly if your organization or your critical service providers work with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations. IT should also take additional care to monitor unexpected traffic from overseas.
- Conduct trainings with employees. Regular cyber security trainings with employees should already be a part of your business’ practices for employees with access to company networks and data. However, the heightened risk presented today merits additional reminder trainings, as well as targeted trainings about how to best protect business computer systems by employees with significant access.
[1] Ryan Browne, “The world is bracing for a global cyberwar as Russia invades Ukraine”, CNBC (Feb. 25, 2022) (https://www.cnbc.com/2022/02/25/will-the-russia-ukraine-crisis-lead-to-a-global-cyber-war.html).
[2] Edward Segal, “Why The Impact of Russian Cyberattacks On Ukraine Could Be Felt Around the World”, Forbes (Feb. 23, 2022) (https://www.forbes.com/sites/edwardsegal/2022/02/23/the-impact-of-russian-cyberattacks-in-ukraine-could-be-felt-around-the-world/?sh=649680cb56b2).
[3] Isabelle Bousquette and Suman Bhattacharyya, “Ukraine’s Booming Tech Outsourcing Sector at Risk After Russian Invasion,” The Wall Street Journal (Feb. 24, 2022) (https://www.wsj.com/articles/ukraines-booming-tech-outsourcing-sector-at-risk-after-russian-invasion-11645749755).
[4] “Shields Up”, CISA (last accessed Feb. 25, 2022) (https://www.cisa.gov/shields-up).