What would ‘cyberwarfare’ really mean for businesses?
As the military conflict in Ukraine has intensified over the last three weeks, fears of an unprecedented cyberwar have also increased. Ahead of Russia’s invasion, Ukraine accused the country of the distributed denial of service (DDoS) cyberattack that targeted its defence ministry and two state banks. Although limited in its destructiveness, the attack was likely intended to cause panic and damage the country’s morale before the invasion of two regions in eastern Ukraine on 24 February.
The backdrop to this is a long string of cyberattacks by Russia against Ukraine since the 2014 war, of which the NotPetya malware attack of June 2017 was the most devastating. First targeting Ukraine’s energy, financial and government sectors, it spread globally and became the “most economically damaging cyberattack of all time”. Now, amid a warning from Ciaran Martin, former Chief of the UK’s National Cyber Security Centre (NCSC), that we are at risk of another NotPetya-style attack as the war escalates, the hacker group Anonymous has declared its own cyberwar on Russia.
There is consequently a very real threat of “spillover” from increased cyber activity in Ukraine, which is only heightened by the involvement of the wider hacker community. So, what would a cyberwar look like, and which businesses are most at risk?
In the event of a cyberwar today, any small business that is part of a supply chain for publicly-owned organisations or government bodies would be at risk. Recent attacks through third-party providers, like the cyberattack that affected James Hall and SPAR, show just how hackers can use back-door entrances through partner companies that have fewer resources to secure their networks. Cyberwarfare will make supply chains increasingly vulnerable, as criminals will look to exploit them to penetrate the wider public sector.
To overcome this, it is imperative for organisations to understand the risk of their involvement with third parties. Regular penetration testing, contractually agreed liability around breaches, and well-defined security policies and frameworks are all key measures that can be adopted to help mitigate vulnerabilities. What’s more, implementing a Zero Trust architecture offers additional protection against a potential supply chain attack by eradicating the implicit trust given to internal users.
Operational Technology (OT)
In the event of a cyberwar, criminals will also aim to target the critical infrastructure that keeps countries functional. Operational Technology (OT) would therefore be at the centre of this threat. Transport networks, warehouse machinery and medical devices are all vulnerable in this scenario. Moreover, the radical increase in the Internet of Medical Things (IoMT) in healthcare means that criminals can hack and affect life-saving OT. By targeting IoT (Internet of Things), IoMT and OT, attackers could very quickly cripple a country and cause a genuine loss of life. This would only become more disastrous if deployed at the same time as a physical attack.
An outsourced solution
Organisations should be looking to proactively protect their networks from the fallout of cyberwarfare with consistent threat monitoring. Working with a cyber security partner will enable organisations to benefit from the aggregate value of wide, varied threat intelligence from across the entire threatscape. An outsourced Security Operations Centre (SOC) should form a core element of any cyber security strategy. With the ability to identify and neutralise an attack in less than six minutes, combined with round-the-clock threat detection and response, the expertise of a SOC is invaluable in light of the cyber skills gap affecting 50% of businesses.