As Russia unleashes war on Ukraine, many are asking about a possible Russian cyber-attack. Asharq News interviewed Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, about the Russia-Ukraine conflict and its impact on the cyber nexus.
Note: In the segment linked above, Bryce is being translated.
According to Bryce, GroupSense is actively monitoring the ongoing international tension surrounding a potential Russian incursion on Ukraine. Due to Russia’s historical activity against Ukraine, as well as recent developments, it is highly likely that such an incursion would include significant cyber and influence operations carried out by Russian actors. While the bulk of this activity would likely target Ukraine, it is possible that such operations could impact public and private organizations in the United States and other NATO countries.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning about the possible risk of Russian cyberattacks against the U.S. "The Russian government has used cyber as a key component of their force projection over the last decade, including previously in Ukraine in the 2015 timeframe. The Russian government understands that disabling or destroying critical infrastructure — including power and communications — can augment pressure on a country’s government, military and population, and accelerate their acceding to Russian objectives."
Distributed denial of service (DDoS) attacks on Ukrainian government websites, as well as the wiper malware deployed against Ukrainian financial institutions, pose a large-scale risk of cyber warfare.
As recently as Wednesday, several Ukrainian government websites were offline as a result of a mass DDoS attack. The attack, which also impacted some banks, began around 4 p.m. local time.
Globally, businesses need to be prepared for potential Russian cyber-attacks by both state and non-state actors.
Advice to Corporate Leaders
According to CISA, if you weren't prepared before now it might be too late. They recommend that corporate leaders and CEOs do the following:
- Empower Chief Information Security Officers (CISO): In nearly every organization, security improvements are weighed against cost and operational risks to the business. In this heightened threat environment, senior management should empower CISOs by including them in the decision-making process for risk to the company, and ensure that the entire organization understands that security investments are a top priority in the immediate term.
- Lower Reporting Thresholds: Every organization should have documented thresholds for reporting potential cyber incidents to senior management and to the U.S. government. In this heightened threat environment, these thresholds should be significantly lower than normal. Senior management should establish an expectation that any indications of malicious cyber activity, even if blocked by security controls, should be reported, as noted in the Shields-Up website, to CISA or the FBI. Lowering thresholds will ensure we are able to immediately identify an issue and help protect against further attack or victims.
- Participate in a Test of Response Plans: Cyber incident response plans should include not only your security and IT teams, but also senior business leadership and Board members. If you’ve not already done so, senior management should participate in a tabletop exercise to ensure familiarity with how your organization will manage a major cyber incident, to not only your company but also companies within your supply chain.
- Focus on Continuity: Recognizing finite resources, investments in security and resilience should be focused on those systems supporting critical business functions. Senior management should ensure that such systems have been identified and that continuity tests have been conducted to ensure that critical business functions can remain available subsequent to a cyber intrusion.
- Plan for the Worst: While the U.S. government does not have credible information regarding specific threats to the U.S. homeland, organizations should plan for a worst-case scenario. Senior management should ensure that exigent measures can be taken to protect your organization’s most critical assets in case of an intrusion, including disconnecting high-impact parts of the network if necessary.
Schedule a GroupSense Executive Briefing
Book a briefing with a member of the GroupSense Executive Team on the cyber nexus of international conflict.
About Asharq News
The basis of the content provided by Al Sharq is the news, and the news in the Sharq is the starting point for an integrated story that contains news, analysis, and all opinions and their various dimensions. Al-Sharq attaches great importance to the economic content and its analysis, and is also interested in explaining the economic effects on the social and political conditions in the Arab countries, provided by an exclusive partnership with Bloomberg, the leading global company in the field of international business and financial information and news, in addition to the efforts of 2,700 analysts, financial and economic correspondents affiliated with Bloomberg around the world.
About Bryce Webster-Jacobsen
Bryce is the Director of Intelligence Operations at GroupSense, a leading provider in Digital Risk solutions. Bryce leads the day-to-day intelligence activities of GroupSense's Analyst and Research teams producing finished, tailored intelligence for our diverse clients.
Prior to GroupSense, Bryce worked in strategic international education initiatives while pursuing OSINT training and investigations, primarily focused on studying extremist movements, as a passion project.