Matthieu Garin
Matthieu Garin

Given that Ukraine is a key global delivery location for IT and engineering R&D services, the conflict has introduced widespread uncertainty and significant concerns for companies operating in the country and the region.

With an imminent risk of cyber attack and a potential breakdown of internet and telecommunications systems in Ukraine, and of cyber attacks spilling over and causing collateral damage in neighboring countries, many clients have reached out asking about urgent cyber actions to put in place.

The more your company has ties with Russia or Ukraine the more it concerns you. But even if it doesn’t, there are still some crucial steps to take.

7 Urgent Cyber Actions for Companies to Take


Hunt down and monitor all available indicators of compromise (IoCs) on current or recent cyber attacks (e.g., HermeticWiper, Whispergate, IsaacWiper, etc.)

Hunt and monitor all known IoCs for groups that have publicly indicated their support for Russia (e.g. Conti, Sandworm, Red Bandits, Stormous, etc.)

If not done already, deploy endpoint detection and response (EDR) on workstations and servers – it remains the essential tool to prevent a myriad of attacks. Now is the time to step up.

Set up the discussion with your top management to keep versus replace Russian security tools. It is obviously a cyber risk issue, but also think about the ability to maintain the tools with the sanctions. You could risk not having any EDR in 2 weeks!

Some customers are actively working on disabling all privileged accounts used in Russian perimeters (at least enhanced monitoring). But do consider the message you will send back to the employees by doing so.

At the very least, anticipate the need for network isolation of Russian and Ukrainian entities. This means creating a red button that can be activated in a few minutes (e.g. routers, firewalls).

Assess the risk of a compromised active directory (AD) on Russian perimeters. In case it is too interconnected with the Group, AD isolation should be considered, which is a very complicated topic.

In the longer term, we already know this conflict will have a huge impact on cybersecurity models. We will have to consider digital borders within companies, which means less interconnected information systems (IS), which are easily isolable. It may be necessary to work by “allied block,” following geopolitics very closely.

Every company will have to integrate digital sovereignty into its strategy.


Let our cybersecurity experts support you in assessing your company’s cyber risk profile and upgrading your cybersecurity strategy.


Matthieu Garin

Matthieu is a Partner within the Cybersecurity and Operational Resilience Practice, Wavestone Global. He is in charge of business development, major engagements, and complex bid management in the UK and France. He has extensive knowledge and expertise in new security models, ensuring digital transformation while reducing risks, and identifying the smartest approach to compliance with laws, regulations, and industry standards.

Wavestone Named to Forbes World’s Best Management Consulting Firms 2023 List

Sep 19, 2023

Forbes has once again recognized Wavestone in its annual “World’s Best Management Consulting Firms 2023” list. Read our blog for more information about the ranking and Wavestone’s award-winning business and technology consulting services.

Learning Data and GenAI: Securing the Source of Generative Intelligence

Sep 14, 2023

Integrated Operational Resilience (OR) has become critical to operational integrity as businesses grapple with economic uncertainty and rising compliance requirements. Tailored Managed Information (MI) models can enable automated, data-driven OR capabilities by centralizing resilience data for stakeholders, enabling accelerated and educated remediation of OR issues as they occur. Learn more about MI models and their 3 core capabilities in our blog.

Have a Question? Just Ask

Whether you're looking for practical advice or just plain curious, our experienced principals are here to help. Check back weekly as we publish the most interesting questions and answers right here.

Ask Wavestone