By Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager, Cyber Security
On February 24, 2022, decades-long tension between Russia and Ukraine boiled over, and Russian forces invaded Ukraine. Little more than a day later, British Airways joined the chorus of Western corporate entities implementing their own mini-sanctions against Russia and canceled all service to and from Russian airports. The next day, British Airways encountered “technical issues” which required it to cancel all short-haul flights throughout Europe. The airline denied that the issues were caused by a hack.
Russia, and Eastern Europe in general, have a well-earned reputation for having an abundance of hacking talent and being a center for organized cybercrime. Does war in this region of the world increase the likelihood of cyber-attacks against US businesses?
Increase in cybercrime
It’s impossible to know for sure, but because cybercrime is an industry, we can look to macroeconomic forces and how those might impact the industry. Some forces at play might include:
- The Russian Ruble has collapsed 50% against the US dollar in less than two weeks. A 50% currency collapse means cybercriminals have to bring in 2x the revenue just to keep up.
- Official sanctions and corporate actions are likely to reduce legitimate Russian economic activity, which could drive more cybercrime.
Although the CISA says “there are no specific or credible cyber threats at this time,” Russia has flipped the chessboard, and there is no clear reason to think that war in Eastern Europe would cause a reduction in US businesses’ cyber-risk, and certainly not a reduction in risk that would warrant relaxing corporate cyber defenses.
Action items for improving cyber security
Although far from a fulsome list of cyber protections, the list below represents some of the more potent actions companies can take to mitigate the risks from the increase in cyber threats that are likely to occur.
- Using multifactor authentication for all remote access
- Patching systems
- Implement antivirus/anti-malware solutions
- Blocking firewall ports and protocols not necessary for business. We would add implement geo-blocking for any countries with which you do not do business, and apply these firewall rules to all endpoints as well as the network perimeter.
- Employ advanced email filters capable of detecting and blocking ransomware
- Train employees how to identify phishing scams and malware/ransomware in email
- Maintain redundant backups and periodically verify your ability to restore from backup
- Maintain an incident response function that includes cyber insurance