Russia – Ukraine Conflict Likely To Impact U.S. Businesses – Technology

Russia’s unprovoked attack on the Ukraine has not been
restricted to land. Ukrainian tech resources have been hit by
cyber-attacks, particularly against its government and banking
systems in a coordinated effort by Russia’s military
intelligence unit.¹ Several websites of Ukrainian
government departments and banks were hit with distributed denial
of service attacks (DDoS), which is a form of attack where threat
actors overwhelm a website with traffic until it crashes. While the
conflict has not yet spread to western countries, U.S. businesses
may still feel the impact due to their reliance on Ukrainian IT
services and from potential retaliatory attacks from Russia due to
significant U.S. sanctions.

Though not having a physical presence in the Ukraine, many U.S.
companies use outsourced Ukrainian IT services. According to the
Ukraine’s Ministry of Foreign Affairs, 1 in 5 Fortune 500
companies rely on the Ukraine’s IT outsourcing sector.²
Ukraine’s tech workers support banking, insurance, and
financial operation services around the world. To mitigate
potential impacts, software and technology providers are working to
move services and workers elsewhere. For example, SAP SE has closed
its office in Kyiv and website development platform Wix.com Ltd.
moved its workers to Poland and Turkey last week.³ However, technology
resources such as code, designs, and documentation may still be
vulnerable.

The Department of Homeland security has yet not advised of any
specific or credible threats to the U.S. homeland, but the
Cybersecurity & Infrastructure Security Agency (CISA) published
a “Shields Up” memo advising U.S. businesses to prepare
to respond to disruptive cyber activity.⁴ Though Russia’s
cyber attack efforts have primarily targeted the Ukrainian
government and critical infrastructure, growing support for Ukraine
in the US and other NATO countries increases the likelihood of
Russian cyber-attacks against businesses, governments, and critical
infrastructure of those allies. Attacks are also a possibility as a
retaliation for the heavy sanctions being levied against Russia by
the U.S., with direct targets being critical infrastructure.

All businesses, large and small, should remain vigilant during
this time of heighted risk and vulnerability. As part of its
support of U.S. businesses, CISA has compiled a catalog of free cybersecurity services and
tools, which include very helpful resources and up to date
information about the latest attack and defense strategies. Certain
additional steps recommended by CISA and industry leaders can help
shore up vulnerabilities and lower the risk of a cyber incident, as
well as renew the commitment as a business to maintaining a strong
cybersecurity program. These steps include but are not limited
to:

1. Hope for the best, plan for the worst. It is
   near certain that all U.S. businesses will be the victim of an
   attempted cyber-attack at some point (whether that be from Russia
   or other threat actors); what is in question is the level of
   success. Businesses should check with their cloud providers to
   ensure all protections are enabled, even if there is increased
   cost. Ensure that data is being regularly backed up to minimize
   business interruption from an encryption event or if data is wiped.
   If it has been a while since you have updated your cyber incident
   response plan, review the plan to ensure it is up to date and
   conduct tabletop exercises to run through how a cyber event will be
   handled.




2. Take proactive steps to reduce the likelihood of a
   cyber event. Review policies regarding remote access,
   authentication requirements, and secure controls to ensure they are
   up to date and consistent with best practices. Ensure that all
   software is updated to the latest version, and that IT has disabled
   ports and protocols that are not essential for a business purpose.
   Particularly if your organization or your critical service
   providers work with Ukrainian organizations, take extra care to
   monitor, inspect, and isolate traffic from those organizations. IT
   should also take additional care to monitor unexpected traffic from
   overseas.




3. Conduct trainings with employees. Regular
   cyber security trainings with employees should already be a part of
   your business’ practices for employees with access to company
   networks and data. However, the heightened risk presented today
   merits additional reminder trainings, as well as targeted trainings
   about how to best protect business computer systems by employees
   with significant access.

Footnotes

1 Ryan
Browne, “The world is bracing for a global cyberwar as Russia
invades Ukraine”, CNBC (Feb. 25, 2022) (https://www.cnbc.com/2022/02/25/will-the-russia-ukraine-crisis-lead-to-a-global-cyber-war.html).

2 Edward
Segal, “Why The Impact of Russian Cyberattacks On Ukraine
Could Be Felt Around the World”, Forbes (Feb. 23, 2022) (https://www.forbes.com/sites/edwardsegal/2022/02/23/the-impact-of-russian-cyberattacks-in-ukraine-could-be-felt-around-the-world/?sh=649680cb56b2).

3
Isabelle Bousquette and Suman Bhattacharyya, “Ukraine’s
Booming Tech Outsourcing Sector at Risk After Russian
Invasion,” The Wall Street Journal (Feb. 24, 2022) (https://www.wsj.com/articles/ukraines-booming-tech-outsourcing-sector-at-risk-after-russian-invasion-11645749755).

4
“Shields Up”, CISA (last accessed Feb. 25, 2022) (https://www.cisa.gov/shields-up).