Matthieu Garin

Given that Ukraine is a key global delivery location for IT and engineering R&D services, the conflict has introduced widespread uncertainty and significant concerns for companies operating in the country and the region.

With an imminent risk of cyber attack and a potential breakdown of internet and telecommunications systems in Ukraine, and of cyber attacks spilling over and causing collateral damage in neighboring countries, many clients have reached out asking about urgent cyber actions to put in place.

The more ties your company has with Russia or Ukraine, the more this concerns you. But even if it has none, there are still some crucial steps to take.

7 Urgent Cyber Actions for Companies to Take

1. Hunt down and monitor all available indicators of compromise (IoCs) for current or recent cyber attacks (e.g., HermeticWiper, WhisperGate, IsaacWiper).

2. Hunt and monitor all known IoCs for groups that have publicly indicated their support for Russia (e.g., Conti, Sandworm, Red Bandits, Stormous).

3. If not done already, deploy endpoint detection and response (EDR) on workstations and servers – it remains the essential tool to prevent a myriad of attacks. Now is the time to step up.

4. Set up a discussion with your top management on whether to keep or replace Russian security tools. It is obviously a cyber risk issue, but also think about your ability to maintain the tools under the sanctions. You could risk not having any EDR in 2 weeks!

5. Some customers are actively working on disabling all privileged accounts used in Russian perimeters (or, at the least, placing them under enhanced monitoring). But do consider the message this will send to the employees.

6. At the very least, anticipate the need for network isolation of Russian and Ukrainian entities. This means creating a red button that can be activated in a few minutes (e.g., on routers and firewalls).

7. Assess the risk of a compromised Active Directory (AD) on Russian perimeters. If it is too interconnected with the Group, AD isolation should be considered, which is a very complicated topic.
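One way to pre-stage the "red button" for network isolation described above, as an added example that is not part of the original article. It assumes a Linux-based router or firewall running nftables; the table name, the /16 safety limit and the sample prefixes (RFC 5737 documentation ranges) are constructed for illustration.

```python
"""Pre-stage a 'red button' nftables ruleset that isolates listed perimeters."""
import ipaddress

MIN_PREFIX = 16      # assumption: refuse broader prefixes so a typo cannot cut off the whole group
TABLE = "redbutton"  # hypothetical table name


def normalise(cidrs):
    """Validate CIDRs and merge overlaps (nft interval sets reject overlapping elements)."""
    nets = []
    for c in cidrs:
        net = ipaddress.ip_network(c, strict=True)  # ValueError on host bits or typos
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {c}")
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"{c} is broader than /{MIN_PREFIX}; refusing")
        nets.append(net)
    if not nets:
        raise ValueError("no perimeter given")
    return list(ipaddress.collapse_addresses(nets))


def build_ruleset(cidrs):
    """Return nft text that drops forwarded traffic to and from the perimeters."""
    elements = ", ".join(str(n) for n in normalise(cidrs))
    return f"""table inet {TABLE} {{
    set isolated4 {{
        type ipv4_addr
        flags interval
        elements = {{ {elements} }}
    }}
    chain forward {{
        type filter hook forward priority -10; policy accept;
        ip saddr @isolated4 counter drop
        ip daddr @isolated4 counter drop
    }}
}}
"""


def rollback_command():
    """Single command that lifts the isolation again."""
    return f"nft delete table inet {TABLE}"


if __name__ == "__main__":
    # Constructed sample perimeters (RFC 5737 documentation ranges).
    print(build_ruleset(["198.51.100.0/24", "203.0.113.0/25", "203.0.113.128/25"]))
    print("# check: nft -c -f redbutton.nft   apply: nft -f redbutton.nft")
    print("# revert:", rollback_command())
```

Generating and syntax-checking the file ahead of time, and keeping the revert command next to it, is what lets the isolation be triggered and undone in minutes.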

In the longer term, we already know this conflict will have a huge impact on cybersecurity models. We will have to consider digital borders within companies, which means less interconnected information systems (IS) that can be easily isolated. It may be necessary to work by “allied block,” following geopolitics very closely.

Every company will have to integrate digital sovereignty into its strategy.


Matthieu Garin
Partner

Matthieu is a Partner within the Cybersecurity and Operational Resilience Practice, Wavestone Global. He is in charge of business development, major engagements, and complex bid management in the UK and France. He has extensive knowledge and expertise in new security models, ensuring digital transformation while reducing risks, and identifying the smartest approach to compliance with laws, regulations, and industry standards.
