They say nothing sharpens the mind like a crisis. Business and IT leaders around the globe are all warily watching to see to what degree the current conflict in Ukraine will escalate. The biggest concern for many of them is, of course, the level of disruption that might ensue after a cyberattack.
While critical infrastructure around the globe is now almost always under some form of sustained attack, the biggest issue for the average organization is the collateral damage that might occur should an attack designed to, for example, cripple a website inadvertently knock other websites offline around the globe. Business and IT leaders around the world have been reminding employees to be more vigilant than ever when it comes to protecting the organization from these attacks. A Cyber Attack Predictive Index (CAPI) created by the Johns Hopkins Information Security Institute to track levels of volatility is already maxed out at a score of 25.
Hackers with varying levels of skill are already launching attacks. Unfortunately, many of them don’t always make nuanced distinctions when identifying legitimate targets during international conflicts. A supplier of a raw material that happens to also be used in the construction of armored vehicles, for example, might be considered a legitimate target.
The National Cyber Security Centre (NCSC) in the United Kingdom and the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) in the U.S. also issued a joint alert to inform cybersecurity teams of new malware dubbed Cyclops Blink, attributed to the threat actor known as Sandworm or Voodoo Bear, that is currently being used to compromise specific types of firewalls and gateways.
Preparing to protect against a new level of attack
Most cybersecurity professionals are naturally focused on protecting their organizations to the fullest extent possible. They would, however, be remiss if they did not take this opportunity to remind business executives of how risks to organizations rise sharply in times of conflict. Business leaders generally have a good understanding of how to weigh risk versus reward. Often to the frustration of cybersecurity professionals, most business executives have been relatively comfortable with the level of cybersecurity risk their organization faces when compared to the opportunity the internet has afforded them. That calculus is subject to change if the scope and sophistication of the attacks being launched suddenly escalate.
No one can say with any certainty how cyber warfare might unfold in the days, weeks, and months ahead. Nation-states that engage in it know they are likely to receive as good as or better than they give. Once the extent to which mutually assured destruction can quickly be achieved becomes apparent, cooler heads will prevail. Regardless, most cybersecurity professionals already know all too well from past experience how indiscriminate cyberattacks launched by nation-states can be.
Most organizations are not likely to be able to defend themselves for long against a sustained series of targeted attacks launched by nation-states that have spent decades honing that capability. However, there are still plenty of prudent measures cybersecurity teams know should be implemented sooner rather than later to reduce the chances an organization will become yet another type of non-combatant casualty in a cyberwar that is not going to be contained by something as trivial as a border.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.