Posted In: Business Transactions & Corporate Counseling & Cybersecurity & Data Privacy
By Jarman J. Smith on March 17, 2022
As the Russia-Ukraine war continues to escalate, it’s clear that we have entered an era of cyber-warfare with the impact of cybersecurity attacks becoming a real threat all around the world. Although there are no credible threats to the U.S. at this time, the current conflict in Europe has involved cyber-attacks on the Ukrainian government and critical infrastructure establishments that could impact organizations both within and beyond the region. Therefore, it is imperative that organizations throughout the world be on high alert and prepared to respond to disruptive cyber activity to mitigate the impact of global cyber-attacks.
The Spread of the Cyberwar
The forefront of the cyberwar is currently in Eastern Europe, but its impact and reach could have global effects. Immediately following Russia’s invasion of Ukraine, online attacks against Ukrainian governments and military increased by 196%, and authorities in Ukraine estimate that approximately 400,000 multinational computer hackers have volunteered to help Ukraine counter these digital attacks.¹ This digital conflict proves that the online front of the war can, and has, jumped borders. Accordingly, the scope of this cyberwar has the potential to become global.
A look into history can reveal how easily the consequences of cyber warfare can have a global impact. For instance, in 2017 a suspected Russian cyber-attack initially disrupted Ukrainian airports, railways, and banks; however, the attack eventually spread around the world infecting a diverse array of multinational companies.² Given the interdependence of critical infrastructure sectors such as electricity and communications, another aggressive cyber-attack that spreads beyond Eastern Europe in a similar manner could shut down many infrastructure sectors at the same time, thus magnifying the global impact.
Cybersecurity Guidance for All Organizations
Due to the cyberwar, all organizations must adopt an elevated sense of urgency and attention when it comes to cybersecurity and protecting their critical assets. To aid in the progressive movement for greater cybersecurity measures around the nation, the Cybersecurity & Infrastructure Security Agency (CISA) has released a set of recommendations to prepare organizations for cyberattacks and mitigate their impact.³ Those recommendations include:
- Reducing the likelihood of falling victim to a cyberattack:
- Taking steps to quickly detect a potential cyberattack:
o All organizations should ensure that IT and cybersecurity teams are focused on identifying and quickly assessing any unexpected or suspicious network behavior. Keeping an accurate log can streamline this process by allowing IT personnel to better investigate issues or events. Moreover, every organization’s entire network should be protected by regularly updated antivirus and antimalware software. If your organization does any business with Ukrainian organizations, you should take extra precautions to monitor, inspect, and isolate traffic from those organizations while closely reviewing the access controls for that traffic.
- Ensuring that your organization is prepared to respond to a cyberattack:
o Your organization must align itself with trusted advisors, such as competent legal counsel, that can assist in the process of designating an incident response team and developing a written incident response plan. Having the proper policies and procedures in place will allow your organization to respond to any cyber-incident quickly and appropriately while reducing exposure to risk in the process.
- Maximizing your organization’s capacity to recover from destructive cyber-incidents:
o Every organization should regularly test backup procedures to ensure that its critical data can be rapidly restored if the organization is impacted by malware. Backups should be isolated from network connections to reduce the likelihood of becoming compromised during a cyberattack.
By following CISA’s recommendations, all organizations can make substantial progress toward advancing their cybersecurity measures. However, corporate leaders play a substantial role in ensuring that their organizations adopt the heightened security posture needed to set forth such advancements. Thus, your organization’s management should include cybersecurity personnel in the decision-making process when assessing risk to the company and weighing security improvements against the cost and operational implications to the business.
How Brouse Can Help
Although the U.S. government does not have credible information regarding specific cyber warfare threats to the U.S., organizations should plan for a worst-case scenario. Every organization should ensure that exigent measures can be taken to protect its most critical assets, including sensitive business and consumer data, in case of a cyber-intrusion. Certain policies, practices, and procedures can be implemented to significantly reduce your organization’s exposure to the risks of cyber warfare. Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to defend against cyberattacks and to protect your organization’s valuable information by developing such security protocols. Our cybersecurity team offers a variety of data privacy and cybersecurity services, including pre-breach and cybersecurity planning, cybersecurity awareness training, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response, and disclosure obligation services, cyber liability insurance review and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery, and response). Please contact us for more information and to learn how we can partner with you.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2022 Brouse McDowell. All rights reserved.