Given that Ukraine is a key global delivery location for IT and engineering R&D services, the conflict has introduced widespread uncertainty and significant concerns for companies operating in the country and the region.
With an imminent risk of cyber attack and a potential breakdown of internet and telecommunications systems in Ukraine, and of cyber attacks spilling over and causing collateral damage in neighboring countries, many clients have reached out asking about urgent cyber actions to put in place.
The more your company has ties with Russia or Ukraine the more it concerns you. But even if it doesn’t, there are still some crucial steps to take.
7 Urgent Cyber Actions for Companies to Take
- Hunt down and monitor all available indicators of compromise (IoCs) on current or recent cyber attacks (e.g., HermeticWiper, Whispergate, IsaacWiper, etc.)
- If not done already, deploy endpoint detection and response (EDR) on workstations and servers – it remains the essential tool to prevent a myriad of attacks. Now is the time to step up.
- Hunt and monitor all known IoCs for groups that have publicly indicated their support for Russia (e.g. Conti, Sandworm, Red Bandits, Stormous, etc.)
- Set up the discussion with your top management to keep versus replace Russian security tools. It is obviously a cyber risk issue, but also think about the ability to maintain the tools with the sanctions. You could risk not having any EDR in 2 weeks!
- Some customers are actively working on disabling all privileged accounts used in Russian perimeters (at least enhanced monitoring). But do consider the message you will send back to the employees by doing so.
- At the very least, anticipate the need for network isolation of Russian and Ukrainian entities. This means creating a red button that can be activated in a few minutes (e.g. routers, firewalls).
- Assess the risk of a compromised active directory (AD) on Russian perimeters. In case it is too interconnected with the Group, AD isolation should be considered, which is a very complicated topic.
In the longer term, we already know this conflict will have a huge impact on cybersecurity models. We will have to consider digital borders within companies, which means less interconnected information systems (IS), which are easily isolable. It may be necessary to work by “allied block,” following geopolitics very closely.
Every company will have to integrate digital sovereignty into its strategy.
Let our cybersecurity experts support you in assessing your company’s cyber risk profile and upgrading your cybersecurity strategy.