Skip to content

War isn’t a scenario that the average IT team plans for, although recent events in Ukraine have brought the idea closer to home. With the idea of cyber warfare making global news, as an IT Leader or Manager, you might be getting questions from people in your company asking what this means to you or what’s been done to mitigate risk.   

Three of our security specialists share their thoughts, covering the level of danger we face, the role of cyber insurance, and what can be done to protect your company. 

Has the Russia-Ukraine conflict increased the risk of a cyber-attack?

Yes. Governments, energy companies and healthcare providers – anyone involved in critical infrastructure – are more at-risk during times of unrest. But this doesn’t mean they’re the only targets: “Malicious cyber activity has increased and that’s probably going to continue over the coming weeks. Unsanctioned hackers in basements, on either side of the conflict, may indiscriminately target whoever they can, making companies with weak security a target.” Hylton Stewart, Information Security Manager at Ekco, explains, “Similarly, if Amazon or Google are targets of a DDoS attack, email and collaboration tools could be impacted, which would have a knock-on effect for most businesses, so it’s not just direct attacks we need to think about.” 

The increase in attacks will demand a shift in focus. Attacks for financial gain, which hold businesses for ransom, are now carried out for political reasons. Hackers may look to delete entire systems, for example, to cause disruption.   

The only way to protect against this is to have immutable or air-gapped backups alongside disaster recovery systems. “If everything is destroyed or compromised, even when you do have safe backups, it still takes weeks to rebuild. If this is too long for your business, you need to look at disaster recovery options. This will help you recover faster.” adds Nigel van Houten, Head of NetOps for Benelux at Ekco. 

What protection does cyber insurance offer against war?

There are two main reasons why cyber insurance falls short. Firstly, as Hylton explains, cyber insurance policies are changing: “a lot of insurers haven’t included cover for things like acts of war or nation-state attacks in their cyber insurance policies. In the past, these haven’t been a consideration.” 

“That’s a problem if you rely solely on cyber insurance. If your insurer won’t pay out, and you have no other protection in place, you’re hit with a double whammy.”  

The real-world scale of a cyberattack is hard to estimate, so policies don’t cover the indirect costs of an attack. You have the cost of potential data loss, the cost of recovery, and you have the reputational damage of a breach too, which most insurers don’t consider. “We should repeat over and over,” says Nigel, “investing in securing your IT, to prevent and protect against attacks, is an insurance policy in itself.” 

How to prepare for the increase in cyber attacks

If you or stakeholders at your company are concerned by the rising threat, Conor Scolard, Technical Director at Ekco, says to focus on the basics: “Start by air gapping your backups. Ensure you have logging turned on everywhere. Change administrator passwords. Pull back access privileges from people for a while, this is temporary. They’ll get their permissions back but it’s just a lot safer to lock everything down for now. High-level privileges are the goal of any attack to be successful.”  

Ward Solutions, Ekco’s specialist security consultancy, cover the precautions in more detail in their recent advisory notice, which you can read here.   

Hylton adds that end-user awareness is crucial in the short-term “There’s going to be an increase in phishing attacks related to the news in Ukraine, so get some comms out to your people about this. Make sure you’re not going to fearmonger but get something out via email that asks people to exercise caution, that supports them in identifying potentially malicious fake news emails. Tell them not to just click on links or start logging into news portals.”  

If you haven’t prepared for an attack, Conor suggests thinking about the positive changes you can make today “Even if you put eight hours into it, what could you do? Park whatever you’re normally working on for eight hours and cover the basics. Make sure you have good backups, do a test. If you have a DR Solution, test it. Data recovery and access credentials are key. You’re not going to implement multi-factor authentication everywhere overnight. Be realistic, you don’t want to make those kinds of changes too quickly.”   

In the long-term, Hylton adds that visibility is key. You need insight into your infrastructure and your users’ activity to know when something’s wrong. “The average detection time is 250 plus days, so make sure you’ve got proactive monitoring, so you know when to invoke your incident response and business continuity plans.” 

Security fundamentals in a volatile world

All three of our experts made one thing very clear: the basics of security remain the same. Good cyber hygiene is good cyber hygiene, and there’s always time to make a change. “It could take months for something to happen,” says Conor, “If someone’s feeling vulnerable now, or like they won’t be able to sleep at night, they can simply begin by taking action now. Any improvement is better than none.”   

If you have any concerns, and you think a five-minute chat with a specialist could help, get in touch with us today. As a community, we need to help each other at times like this, so there will be no sales element to the conversation. 

pic pic

Got a question?
Our experts have an answer