Matthieu Garin
Matthieu Garin

Given that Ukraine is a key global delivery location for IT and engineering R&D services, the conflict has introduced widespread uncertainty and significant concerns for companies operating in the country and the region.

With an imminent risk of cyber attack and a potential breakdown of internet and telecommunications systems in Ukraine, and of cyber attacks spilling over and causing collateral damage in neighboring countries, many clients have reached out asking about urgent cyber actions to put in place.

The more your company has ties with Russia or Ukraine the more it concerns you. But even if it doesn’t, there are still some crucial steps to take.

7 Urgent Cyber Actions for Companies to Take

 

Hunt down and monitor all available indicators of compromise (IoCs) on current or recent cyber attacks (e.g., HermeticWiper, Whispergate, IsaacWiper, etc.)

Hunt and monitor all known IoCs for groups that have publicly indicated their support for Russia (e.g. Conti, Sandworm, Red Bandits, Stormous, etc.)

If not done already, deploy endpoint detection and response (EDR) on workstations and servers – it remains the essential tool to prevent a myriad of attacks. Now is the time to step up.

Set up the discussion with your top management to keep versus replace Russian security tools. It is obviously a cyber risk issue, but also think about the ability to maintain the tools with the sanctions. You could risk not having any EDR in 2 weeks!

Some customers are actively working on disabling all privileged accounts used in Russian perimeters (at least enhanced monitoring). But do consider the message you will send back to the employees by doing so.

At the very least, anticipate the need for network isolation of Russian and Ukrainian entities. This means creating a red button that can be activated in a few minutes (e.g. routers, firewalls).

Assess the risk of a compromised active directory (AD) on Russian perimeters. In case it is too interconnected with the Group, AD isolation should be considered, which is a very complicated topic.

In the longer term, we already know this conflict will have a huge impact on cybersecurity models. We will have to consider digital borders within companies, which means less interconnected information systems (IS), which are easily isolable. It may be necessary to work by “allied block,” following geopolitics very closely.

Every company will have to integrate digital sovereignty into its strategy.

 

Let our cybersecurity experts support you in assessing your company’s cyber risk profile and upgrading your cybersecurity strategy.

LEARN MORE ABOUT WAVESTONE’S CYBERSECURITY AND DIGITAL TRUST SERVICES

Matthieu Garin
Partner

Matthieu is a Partner within the Cybersecurity and Operational Resilience Practice, Wavestone Global. He is in charge of business development, major engagements, and complex bid management in the UK and France. He has extensive knowledge and expertise in new security models, ensuring digital transformation while reducing risks, and identifying the smartest approach to compliance with laws, regulations, and industry standards.

6 Moves to Shore Up Vulnerabilities in Your Cyber Supply Chain

Sep 29, 2022

With a comprehensive C-SCRM program in place, you can protect your organization from the devastating effects of a supply chain attack. These are the key considerations to secure your cyber supply chain today.

Continuing Growth to Expand Services – Wavestone Acquires Coeus Consulting

Sep 20, 2022

Coeus Consulting joins Wavestone, to further empower technology, business, and procurement leaders to deliver more. This acquisition will enable Wavestone to provide an unbiased world-class value proposition for technology and business leaders alike.

Have a Question? Just Ask


Whether you're looking for practical advice or just plain curious, our experienced principals are here to help. Check back weekly as we publish the most interesting questions and answers right here.

Ask Wavestone