The Potential ‘Cyber’ Fallout from the Russia – Ukraine Situation, and What You Can Do

As geopolitical tensions rise between Russia and Ukraine, U.S. organizations face a growing risk of cyberattacks that could disrupt business operations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned all businesses to prepare for potential collateral damage from cyber operations linked to the conflict. CISA Director Jen Easterly emphasized the importance of proactive security measures:

“We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.”

 

Current Situation: What We Know

According to recent reports, Russian cyber operations have already targeted Ukrainian government websites, private sector networks, and critical infrastructure. Some attacks have spread beyond Ukraine to neighboring countries, increasing concerns about wider impacts. For instance:

  • Wednesday: Distributed denial-of-service (DDoS) attacks brought down key Ukrainian government websites.
  • Thursday: Data-wiping malware hit hundreds of Ukrainian computers as Russia launched its full invasion. These attacks have since spread to Latvia and Lithuania, raising fears of broader disruptions.

Reasons to Worry and Take Immediate Action

While there are no specific credible threats to the U.S. homeland at present, CISA is urging organizations to take immediate steps to enhance their cybersecurity posture. The Russian government has a history of using cyberattacks as part of its geopolitical strategy, including the 2015 attacks in Ukraine.

This situation bears similarities to the 2017 NotPetya wiper attack, which started in Ukraine and caused billions of dollars in damages globally. The U.S., UK, and EU attributed that attack to Russian state-sponsored hackers.

Next Steps: What to Do Now

CISA has issued Shields Up Guidance to help organizations protect themselves from potential cyber incidents. Key recommendations include:

Reduce the Likelihood of a Cyber Intrusion

  • Implement multi-factor authentication for remote and privileged access.
  • Ensure all software is up to date, prioritizing patches that address known vulnerabilities.
  • Disable any unnecessary ports and protocols.
  • Review and strengthen cloud service controls.

Quickly Detect a Potential Intrusion

  • Focus cybersecurity efforts on identifying unusual network behavior.
  • Ensure antivirus/antimalware software is updated and actively monitoring.
  • If working with Ukrainian organizations, closely monitor and restrict traffic from those entities.

Prepare to Respond if an Intrusion Occurs

  • Assemble a crisis-response team and conduct a tabletop exercise to ensure everyone understands their roles.
  • Ensure key personnel are available and prepared to respond to a cybersecurity incident.

Maximize Resilience to a Destructive Cyber Incident

  • Test backup procedures to ensure critical data can be restored quickly.
  • If using industrial control systems, test manual controls to maintain operations in case of a network disruption.

Corporate Leadership: Take Action Now

Corporate leaders, including CEOs, play a critical role in securing their organizations. CISA encourages senior management to take the following steps:

  1. Empower CISOs: Ensure Chief Information Security Officers are involved in risk-related decision-making and emphasize that security investments are a top priority.
  2. Lower Reporting Thresholds: Encourage the immediate reporting of any unusual cyber activity, even if blocked by security tools, to CISA or the FBI.
  3. Participate in a Response Plan Test: Engage senior leadership in tabletop exercises to ensure your organization is ready for a major cyber incident.
  4. Focus on Business Continuity: Identify critical systems and conduct continuity tests to ensure they can remain available after a cyber intrusion.
  5. Plan for the Worst: Be prepared to take exigent measures, including disconnecting parts of the network, if necessary, to protect your most critical assets.

Gradient Cyber’s Offer to Assist

At Gradient Cyber, we believe in taking action when it matters most. To help organizations navigate the heightened cyber threat environment, we are offering a complimentary Introductory Risk and Threat Assessment for small and midsize businesses. This assessment will help you understand the risks facing your organization and provide a second opinion on your current security posture. Contact us today to schedule your assessment.