GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

By Don Boian

Cyberattacks preceded Russia’s invasion of Ukraine, and these attacks continue today as the war unfolds. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S., allied countries, and businesses steadily increase.


These Russian cyber actors include government organizations as well as other parties that, while not technically under government control, take their orders from Russian military or intelligence organizations. There are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate.

Each of these organizations performs cyber operations for various reasons. The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Some Russian cyber actors may gather intelligence while others are financially motivated.

Cybercrime is big business: global losses to ransomware are projected to reach $42 billion within the next two years. The economic sanctions that many nations have put in place to influence Russia will most likely trigger an increase in the illicit business of cybercrime to help offset losses to what was legitimate trade.

Cyber attack targets

Russia isn’t the only cyber actor increasing its pace of cyber operations during this time. While the world focuses on Ukraine, other state actors have increased actions to penetrate government and private sector organizations. While you might think that these actors are interested in government and defense information, their operations prove they are interested in much more – including software development and information technology, data analytics, and logistics.


Your company’s intellectual property may be a target – and don’t assume it isn’t just because you aren’t associated with defense contracting. Cyber actors are commonly after intellectual property or revenue.

Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign to increase awareness of these risks to U.S. businesses called #ShieldsUp.

The efficacy of hygiene

Many of CISA’s recommendations are basic cybersecurity hygiene measures that require minimal effort to implement but can dramatically reduce your risk:

• Ensure all software (operating system and applications) is updated and patched. Enable auto-update features if available.

• Educate your employees on threats and risks such as phishing and malware.

• Enforce strong passwords and implement multi-factor authentication (MFA) by educating users about using a unique password for each account and by enforcing higher security for privileged accounts (administrators, root).

• Segment or isolate portions of your network that are critical to your business or that process or store sensitive information.

• Configure all IT systems with hardened profiles that only allow network services essential to your business function; harden or eliminate the use of protocols such as RDP and SMB.

Accounting for humans

While all these technical steps to reduce the risks of cyberattacks are valuable, the step that’s often overlooked or underfunded is the one that can be the most impactful – employee awareness. Implementing a culture of security and empowering employees to report suspicion of abnormal activity on information systems is key to stopping these threats early.

Not all cyberattacks take advantage of a user and result in penetration of your system. Still, the most common infection vectors are through a user – clicking a link, browsing to a page, sharing their password, or choosing a weak password. Therefore, educating your employees about the importance of security to your network is critical. Enabling employees to be your first line of defense can boost security and reduce risks.

In addition to the best practices above, it’s prudent to have plans and procedures in place in case a cyberattack is successful. These procedures will not only help get your business back up and running more quickly, but are also critical to staying compliant with state or federal regulations requiring the reporting of cyber incidents. Just as businesses focus on resiliency and disaster recovery, they must also consider a cyberattack or incident that can cripple their product and/or revenue.

As the world watches the events in Ukraine, cyber incursions by hostile actors will continue across the globe. These threats will continue to plague businesses and our personal lives for the foreseeable future. Instead of falling into the trap of thinking you won’t be a target or have nothing of value for cyber attackers, take these steps to address and prepare to defend against these risks.

For more details on how to harden your IT infrastructure against ransomware attacks, consult the CISA and Multi-State Information Sharing and Analysis Center’s Ransomware Guide.

About the essayist: Don Boian is the Chief Information Security Officer at Hound Labs, Inc., which supplies ultra-sensitive, portable marijuana breathalyzer technology. He worked at the National Security Agency for 30 years on defensive and offensive cyber operations, and most recently served as CISO for a large regional bank.
