United States:
Russia’s Invasion Of Ukraine Raises Cybersecurity Dangers For U.S. Businesses
Russia’s full-scale military invasion of Ukraine is raising
cybersecurity risks for American businesses. Corporate
America must take immediate additional precautions to protect its
networks in light of what is quickly becoming a major war in
Europe.
This cybersecurity threat manifests itself in two ways.
First, Russia uses offensive cyber attacks as a central element of its military doctrine.
The Kremlin has repeatedly, and recently, launched denial-of-service and
malware attacks against the government and industry of
Ukraine. While the primary targets of these attacks are
Ukrainian, the fallout can easily reach far beyond Ukraine’s
borders. For example, in 2017, Russian military hackers
targeted Ukraine with the NotPetya wiper attack, but the malware spread
globally, “causing billions of dollars of damage to
computer systems across Europe, Asia, and the Americas.”
That may well happen again during this war.
Second, if the United States takes further hardline positions
against Russian aggression—levying graver sanctions,
bolstering its military presence in Eastern Europe, barring Russia
from the SWIFT financial system, and even undertaking offensive cyberoperations of its
own—Russian state-backed actors may target U.S. government
and industry for direct cyberattacks. Notably, when Russian
police arrested members of the prolific Russian ransomware group REvil in January, authorities said they did so
on the basis of information provided by the United States.
The Kremlin could easily release the hackers amid souring
Russian-American relations, claiming that U.S. intelligence
cannot be trusted, and REvil could reconstitute to blitz American
companies.
In the face of these rising dangers, businesses of all sizes
should take at minimum the following five steps to reduce cyber
risks during the Russian war in Ukraine.
- Revisit cybersecurity preparedness and incident response
plans. Boards of directors and senior managers should be
briefed. Crisis teams should be prepared and duties
assigned. Chief Information Security Officers (CISOs) and
their teams should test backup procedures to ensure the rapid
restoration of critical data if it is lost or otherwise
compromised. Prepare today to mitigate the dangers
tomorrow.
- Ensure agreements with third-party service providers are
papered ahead of time. Time is of the essence in a
cyberattack. The longer it takes for a victim to onboard a cyber
forensics company to assess the extent of a breach, the worse it
can be for the business. Therefore, companies should prepare
retention agreements with third-party service providers, like
digital forensic and investigative firms, now. Companies
should ensure that these firms are being retained through counsel
and work under legal privilege, where appropriate. If the
agreements exist already, review them to ensure they are
up-to-date.
- Protect networks. Companies, particularly those
with large work-from-home contingents, need to prioritize network
protection. As the Cybersecurity and Infrastructure Security
Agency (CISA) recommends in its “Shields
Up” program, this includes: validating that all remote access
network users employ multi-factor authentication; ensuring all
software is updated and all known vulnerabilities patched; and
confirming that cloud services, if applicable, are using
top-of-the-line protections.
- Follow government guidance. Businesses should
align their efforts with recommendations from CISA, the FBI, and other government agencies. For
example, in mid-February, officials from several U.S. agencies met
with executives from major American financial institutions,
according to reports. And a February 20 FBI report warned that Russian
hackers “have targeted a variety of U.S. and international
critical infrastructure, including entities in the Defense
Industrial Base, Healthcare and Public Health, Energy,
Telecommunications, and Government Facilities Sectors,” and
that those dangers will increase in the event of a deteriorating
security situation in Europe. Industry should weigh these
warnings carefully and engage in outreach with the U.S. Government
to help protect private systems and contribute to the common
defense.
- Call counsel at the first sign of an incident.
Cybersecurity incidents pose substantial business and legal
risk. At the first sign of an incident, businesses should
contact counsel to map out a response, investigate where necessary,
and coordinate with regulatory authorities, if appropriate.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.