Since Russia has initiated a ground invasion in Ukraine, security leaders and their teams are asking how these military actions can impact their cybersecurity posture. In this piece we outline a five-point test to help evaluate your organization's risk.
Cybersecurity Implications of the Russian Invasion of Ukraine
It often helps to evaluate risk at the intersection of intent, opportunity, and capability (IOC). However, the intent portion of this assessment has changed with the beginning of hostilities on the ground in Ukraine.
Russian government threat actors are effectively military assets. As such, they are currently extremely busy targeting organizations that can provide intelligence on NATO intentions/reactions, UN intentions/reactions, and regional players such as Romania, Georgia, Poland, etc. Because these operators are a finite resource, they likely will not be motivated to prioritize destructive cyberattacks against US/EU organizations and infrastructure. This would likely change if the US or EU commit ground troops or air support.
Evaluating Your Organization's Risk Posture
When evaluating whether Russian government threat actors would target your organization, consider this five-point test:
- Will attacking this target cause disruption, ultimately undermining public support for actions against Russia?
- Will this attack be seen as an act of war by the victim? Note that Russia wants to avoid bringing US/EU into a shooting war.
- Does the attack burn cyber accesses or capabilities that cannot be easily replaced?
- Attacking this target limits future intelligence collection against the target. Is the intelligence gained significant? If so, destructive attacks are far less likely.
- Is this a target Russia will want to conduct destructive operations against if the US or EU escalates? If so, they likely won’t attack now since the accesses required will be hard to replace quickly.
This piece is a sampling from our Live Executive Communications Briefing led by IANS Faculty member Jake Williams on Friday, February 25 at 9am EST. These briefings are held following significant security events to provide our clients with the latest news and guidance on major incidents.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.