The continued conflict acts as an urgent reminder for agencies to review their cybersecurity strategies.
Going into the second month after Russia first began its invasion of Ukraine, the attack shows no sign of ending soon.
Already, the conflict has displaced millions, damaged and destroyed critical Ukrainian infrastructure and sent ripples through the global economy.
The conflict could soon have a major impact on cybersecurity — especially for organizations that manage critical U.S. infrastructure or work closely with the U.S. government.
For insurers with important digital assets, new cybersecurity measures may be essential.
An Increase in Cyberattacks?
There is reason to believe that Russian cybercriminals and state actors may begin to attack American businesses in the next few weeks — and according to some commentators, these attacks may have already begun.
Russian cyberattackers have certainly been active in Ukraine, according to the Harvard Business Review — and Ukraine may currently be serving as a testing ground for novel cyber warfare technology.
It is difficult to attribute cyberattackers to specific actors or organizations, however, making it difficult to know where these attacks came from and what they may signify for Ukraine, NATO and businesses in NATO countries.
Credit rating agency Fitch Ratings has suggested in a blog post that the war in Ukraine may increase “spillover risks” of global cyberattacks.
This potential for spillover, along with the already-heightened levels of ransomware attacks against businesses, could make a wide variety of businesses more vulnerable to cybercrime.
Fitch considers cyber insurance to be a key cyberattack risk management tool. If it’s not possible to prevent a ransomware attack or similar cyberattack, insurance will help a business to mitigate the impacts of the attack on company productivity, security and reputation.
Over the next few weeks, as the conflict continues, the Russian state and Russian cybercriminals may respond to continued American and NATO involvement in the conflict with cyberattacks on American institutions and businesses.
Emerging Threats May Build on Existing Cybercrime Infrastructure
Russian cybercrime was also a significant threat to American businesses before the invasion. In December 2021, Irfan Rawji, CEO of MobSquad, spoke with financial software developer Multiview about the growing cybercrime industry in Russia.
“I think that [cyberattacks] have become a business in certain parts of the world,” said Rawji. “I was at a conference just before COVID where they brought experts in that help protect companies against these risks. These experts say attacks on websites in North America usually spike between 8:00 AM and 5:00 PM local time in Moscow. It’s essentially a business.”
If the infrastructure for ongoing cyberattacks against North American companies were in place before the invasion, it’s possible that attacks may increase now that cybercriminals in Russia have new incentives to attack American businesses.
The conflict could also push hackers to change their tactics. Ransomware is on the rise globally, but some cybersecurity experts are concerned about the rise of wiper malware in Russian cyberattacks on Ukrainian organizations.
Attacks using wiper malware “on the surface resemble ransomware attacks with the attacker dropping a ransomware note,” said Vishaal ‘V8’ Hariprasad, CEO of cyber insurer Resilience. “However, there is no ransom recovery mechanism, and the purpose is to render data unrecoverable.”
Hariprasad believes that there is no need for organizations outside Ukraine to panic, but that all businesses should take this opportunity to prepare cyber defenses. With the right cybersecurity measures in place, businesses can keep the risk of cyberattacks “within tolerance.”
How Attacks May Impact Cyber Risk Insurance
For the insurance industry, the growing risk of cyberattacks has steadily become more worrying — and experts predict that cyber underwriters may soon increase rates in response to the rising cost of a successful ransomware attack.
Some insurers are also considering how war exclusions may affect policies held by businesses targeted by state-sponsored cyberattacks.
One New Jersey judge has already ruled that acts-of-war exemptions don’t cover cyberattacks, but the legal landscape on this issue is likely to become more complicated over the next few weeks.
What Insurers Can Do to Secure Critical Digital Assets
Insurers should prepare for the possibility of cybercrime, even if the business has managed to avoid similar attacks in the past.
The specific strategy and security posture that a business will need to adopt can vary significantly based on the business’s market, its relationship with government institutions and the data the business stores. All businesses, however, can benefit from a few of the same security best practices.
In addition to discussing the state of cybercrime in Russia before the invasion, Rawji and Multiview also discussed the steps that businesses can take to keep their digital assets safe.
“Obviously, you have to do the baseline things. Make sure your business is not the lowest hanging fruit for these actors, whose day job is trying to hack sites,” said Rawji.
“The second is to adopt a mindset of ‘It’s not an if, it’s a when.’ If you adopt that mindset, you’ll think through, ‘When this happens to us, how do we react?’ ”
Strategies for Securing a Company Network Against Future Attacks
The “baseline things” include ensuring that your business has implemented the most basic cybersecurity practices, like risk assessments, security planning, a security team and common security tools.
Technology, policy and user training will all play an important role in business cybersecurity. Every business will need to have the right combination of security tools, know-how and regulations that will keep critical information safe.
User training may be especially important. Phishing attacks and other social engineering attacks are on the rise. Hackers use these attacks to exploit uninformed employees without cybersecurity training and gain access to your business network.
Employee training can help ensure that employees are able to spot phishing attacks, making them less likely to install dangerous files or hand over access credentials to hackers.
Rawji’s recommendation that businesses think in terms of “when” rather than “if” can help an enterprise prepare more effectively for an attack. Cybersecurity research shows that businesses of all kinds are at risk, regardless of the data they collect or the organizations they partner with.
While some businesses may be at greater risk than others, it’s likely that no organization is too small or too low-tech for a hacker to target. Preparing now can help businesses mitigate the risk an attack may pose.
Insurers Should Review Cybersecurity Strategy Amid Ukraine-Russia Conflict
As the Ukraine-Russia conflict continues, both directed cyberattacks and “spillover” could have a major impact on global businesses.
Insurers wanting to protect their digital assets should take action now. Reviewing cybersecurity policies and strengthening security systems can help companies keep their assets safe, even as cyberattacks continue to rise.
Training will also likely be important. Employees who know how to spot social engineering attacks can help to keep a company’s network safe.