Q: What kinds of cyber-threats have organizations faced during Russia’s invasion of Ukraine?
A: Over the last six months, organizations in Ukraine have faced threats including massive distributed denial-of-service (DDoS) attacks, increased malware activity, targeted and persistent phishing attacks, disinformation campaigns and attacks on cyber-physical systems.
It’s important to remember that cyber warfare does not have geographical boundaries in the way that physical conflict does. For example, at least three energy companies in Germany have been targeted in cyberattacks since the invasion began. We’ve also seen cyber actors in other regions, such as China, taking advantage of the situation to propagate threats, as well as involvement from non-state actors, like the Anonymous hacking group engaging in an offensive against the pro-Russia Conti ransomware gang.
It’s likely that cyberthreats will continue at least as long as the physical conflict does. The “fog of war” can challenge situational awareness, and panic will increase the risk of mistakes, creating an advantageous situation for bad actors. While the impacts of individual attacks will vary, the broader effects of a heightened threat environment will be felt by organizations worldwide.
Q: How have enterprise cybersecurity leaders responded to the heightened threat environment since the invasion?
A: In a recent Gartner poll, over a quarter of organizations in North America and EMEA said that they took some kind of cybersecurity action in response to Russia’s invasion of Ukraine. This was the most frequently cited response, ahead of actions related to sanctions, employee welfare or supply chain risk management.
The specific cybersecurity actions that enterprises took varied. For example, some reviewed and blocked known Russian threat actors’ tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs). Some shored up their threat intelligence and incident response capabilities, while others focused on promoting security awareness among employees and increasing communication with executives about emerging threats.
Overall, it’s a positive sign that CIOs and CISOs were generally aware that some action had to be taken to strengthen cyber-defenses as geopolitical tensions rose. However, these initiatives were largely tech-led. Cyber-conflict isn’t just a security problem; it’s a business problem, and as its impact continues to grow, it will require more strategic involvement from business leadership at every level.
Q: As geopolitics becomes so closely intertwined with the cyber threat landscape, what can security and risk leaders do to prepare for the future?
A: The Russian invasion of Ukraine was the latest crisis demonstrating that enterprise security and risk cannot be managed in a vacuum by the CISO and their team. Crises place an additional premium on risk-based decision making, and business leadership must be involved at every level. Executives who make defensible, risk-informed choices are more likely to navigate their organizations with resilience, from response through recovery.
Geopolitics and cybersecurity have become inextricably linked. Therefore, as security leaders, you need to be looking at the global threat landscape from a business lens. Every business decision made in this environment has security implications, and vice versa.
Consider: how are current events impacting enterprise risk levels? What is the business’s appetite for that risk, and is it changing in the context of these events? Modern enterprise security leaders cannot just focus on vulnerabilities or security technologies. Rather, they must lead the enterprise to make informed decisions about its cyber-related risk exposure, and understanding the security impacts of global events is a key component of that new role.
About the Gartner Security & Risk Management Summit
Gartner analysts are presenting the latest research and advice for security and risk management leaders at the Gartner Security & Risk Management Summits 2022, taking place June 7-10 in National Harbor, MD, 21-22 June in Sydney, 25-27 July in Tokyo and September 12-14 in London. Follow news and updates from the conferences on Twitter using #GartnerSEC.
If you are a member of the media who would like to speak further on this topic with Paul Proctor, please contact Meghan Rimol at Meghan.Rimol@Gartner.com. Members of the media can reference this material in their articles with proper attribution to Gartner.