Attacks from state-sponsored groups or organised criminal gangs are a daily concern for anyone building serious defences for networks anywhere in the world.
In the wake of Russia’s horrific invasion of Ukraine, many predicted that Western companies and government organisations could expect to see an increased risk of cyberattacks. As economic sanctions start to bite, the risks of hybrid digital warfare will increase.
Security is for every day
There is no bad time to look at your vulnerability management to try and see what you’ve missed. But you really should not wait for major geopolitical developments to justify doing so. It should be part of ‘business as usual’, whatever type of organisation you are protecting.
A good defence is an active defence. You need to be continuously and regularly scanning systems for weaknesses and looking to the horizon for coming threats. Systems that are safe today might not be safe tomorrow – new vulnerabilities and exploits are always emerging.
There’s no doubt there is a raised risk of digital attacks in the coming weeks, especially for some sectors like transport and financial services. There’s been a reported eight-fold increase in Russian-based phishing and credential harvesting attempts since 27 February. And these are highly targeted attacks – one European, but US-owned, company with business links to Ukraine saw its entire executive team targeted.
It’s also important to keep in mind that the media are like magpies – they will quickly move onto the next shiny thing. Take Log4j, for example. It’s not in the headlines much anymore, but it still poses a big risk. We’re likely to see Russian attackers creating new exploits for it in the coming months. We’re also likely to see an increase in denial-of-service attacks.
Black swans and prepping for the unknown
Too often, despite warnings, humans prepare for the wrong thing – or don’t prepare at all. For example, the risk of a pandemic has long been at the top of lists of warnings for business and government. But despite past pandemics of polio and influenza, and several recent near-misses – SARS and Ebola – the COVID-19 pandemic was still seen as a bolt from the blue that no one could have predicted.
If you have the defences and the right processes in place, you can flex and extend them to counter changing threats. But the time for learning is not while the attack is happening.
Increased vigilance also requires a well-prepared incident response plan so you can shut the window of exposure as quickly as possible.
Of course, however good your countermeasures, you cannot discount the possibility of a successful breach. If that does happen, you need well-tested continuity and recovery plans in place to get things back up and running as quickly as possible.