March 21, 2022
Cyber Risk

Protecting Critical Infrastructure During Times of Conflict

The conflict in Ukraine is being fought on land and across the internet. While conflict can be contained physically on land, the same cannot be said for any individual or business connected to the internet. This poses a significant threat to critical infrastructure, both within and beyond Eastern Europe.

“Based on the global reaction to the current world conflict, countries fear reprisals. The worry is, will there be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict?” - Michael Johnson, Chief Information Security Officer, Meta Financial Technologies, and member of Safe Security’s Board of Directors.

Industry leaders aren’t just concerned about adversaries breaching critical infrastructure, but about losing access to and control of it. Governments and commercial security organizations have already confirmed collateral damage to organizations beyond Europe. Experts monitoring the HermeticWiper and WhisperGate malware variants created for use against Ukraine have warned of NotPetya-style attacks spreading beyond Russia and Ukraine, signaling strong potential for unintended spillover into other countries. The Conti ransomware gang remains active throughout the conflict, and so far CISA has reported that attacks against both US and international organizations have risen to more than 1000.

A global concern: Ukraine’s Ministry of Foreign Affairs reports that more than 100 of the world’s Fortune 500 companies rely at least partially on Ukrainian IT services, with several Ukrainian IT firms being among the top 100 outsourcing options for IT services globally.

Today, the question of risk is at the forefront of every conversation. As the Cybersecurity and Infrastructure Security Agency (CISA) outlines in its ‘Shields Up’ guidance, the first step to resilience is to reduce the likelihood of a damaging cyber intrusion in the first place. However, to reduce the likelihood of an incident, you first need to know and measure the likelihood of it happening. What can your business do to adopt a more predictive approach in these unprecedented times?

Visibility creates confidence in critical infrastructure cybersecurity

There is more that organizations can do to proactively predict the likelihood of a data breach. Go beyond preparing for advanced persistent threats (APTs), malware, ransomware, DDoS, network attacks, code flaw vulnerabilities, and privilege escalations. Whether or not you have explored proactive cybersecurity, you can do a lot more with the cybersecurity services and initiatives that already exist in your security landscape.

  1. Follow your government’s guidance

    Government cybersecurity organizations regularly publish updates on the tactics, techniques, and procedures (TTPs) being used by threat actors, and provide methods to verify cybersecurity preparedness.

    1. Seek out your government’s recommendations for businesses and business continuity. Make full use of their threat intelligence and mitigation advice.
    2. Stay in close contact with your national government or cybersecurity agency to ensure your understanding is current and up-to-date. Government websites such as those of the National Cyber Security Centre (UK) and the Department of Homeland Security (US), among others, contain vital information that is updated regularly and designed specifically for your use.

    Your security team should stay abreast of this guidance and use industry resources such as the MITRE ATT&CK framework to identify potential risks within your organization and how to mitigate them.

  2. Promote employee vigilance

    90% of data breaches have a human element. It is essential that your employees have the knowledge and tools to become an effective line of defense.

    1. Empower your employees to play their key role in your security by providing advice, training, and clear lines of communication and escalation to security.
    2. Work closely with your communications teams and leaders across organizational functions to promote vigilance.

    Your business is already collecting the information that will enable a risk-driven view of your employee risk posture, such as UEBA status, device security updates, operating system status, XDR and EDR telemetry, cybersecurity awareness, phishing simulation results, privilege and access levels, and identity and access management data. This data can be used to generate a cyber risk profile for each of your employees, rolling up to your organization’s overall employee risk status.

  3. Insurance: Know what’s covered and what’s not

    The current conflict may test your business’s risk-sharing arrangements. If you fall victim to a data breach, directly or indirectly, be prepared for a higher degree of scrutiny around the language and terminology used to describe the breach.

    1. Do not assume that you’re fully covered by your cybersecurity insurance policy. Be clear on the terms and conditions of your policy in the context of national and international conflict, such as ‘war exclusion’ or ‘hostile act exclusion’, and collateral damage thereof.
    2. Ensure that you clearly understand what your coverage includes and excludes, and revisit coverage if and where necessary.

    It is essential to recalibrate your cybersecurity budget periodically, based on your cyber risk appetite and tolerance, regardless of any major geopolitical events.

Measure, manage, and mitigate your cyber risk: Integrate your cybersecurity effort

A successful attack on critical infrastructure could cripple a country and truly hit it where it hurts - its people, economy, and land. The aftershock may be felt across borders long after the attack takes place. Critical infrastructure organizations need to look beyond their physical and on-premises risk to gain true visibility of risk across the enterprise.

Today, the lack of visibility is one of the key challenges, owing to the complex infrastructure of this sector. The digitalization of critical infrastructure and increased dependence on public cloud services have made it vulnerable to cyberattacks across many vectors. Supply chain attacks are becoming increasingly commonplace, with several critical infrastructure businesses being compromised as collateral damage.

Global organizations across countless industries are moving to a strategy of predicting and measuring the likelihood of a breach. Critical infrastructure can follow suit by exploring cyber risk quantification to identify and mitigate its critical risks. You are already collecting data from various points across your organization. Pool this information, identify the risk, quantify the risk, and mitigate the risks that increase your exposure and likelihood of attack.

Organizations that effectively mitigate their cybersecurity risk exposure all share one common characteristic: they each take a proactive approach. They understand that you cannot manage what you do not measure. By quantifying risk, organizations proactively move to a position of strength and possess an invaluable capability that takes the guesswork out of cybersecurity.

To find out more about how this works in practice, explore our case studies to discover how multiple Fortune 500 companies and global brands in the critical infrastructure sector are using SAFE to proactively measure, manage, and mitigate their cybersecurity risk.