Cybersecurity Risks: Protecting Your Business from Russia-Ukraine War Fallout
May 3, 2022 • Oak Street Funding
The current war may be taking place thousands of miles away from your business, but the elevated potential for cyber attacks it has created means distance doesn’t provide a safe barrier for you. Cybersecurity has long been a growing risk for all businesses, and the increased activity of cyber actors on both sides of the conflict has significantly elevated the possibility your business may find itself in the crossfire.
Small and medium businesses face cybersecurity risks
If you think the size of your business will protect you from cyber attacks, think again. Accenture’s Cost of Cybercrime study concluded that small- to medium-sized businesses represent 43 percent of the companies targeted by cybercriminals. Even more concerning, the study found just 14 percent of those businesses were sufficiently prepared to protect themselves (and their clients) from such an attack.
A much bigger threat
A recent Harvard Business Review article suggested the war for Ukraine may be “the most acute cyber risk U.S. and western corporations have ever faced.” The article notes that Russia is likely to view stepped-up sanctions from other nations as economic warfare and can be expected to “respond asymmetrically using its considerable cyber capability.” Both the U.S. Cybersecurity and Infrastructure Security Agency and the European Central Bank have warned of the likelihood of retaliatory Russian cyber attacks.
Indirect attacks can also hurt businesses
The problems with having so many actors include multiple types of threats and a lack of clarity about individual groups’ targets and motivations. While your business may not be a direct target, you may suffer as a result of attacks on your customers and business associates. For example, if your business depends on a particular vendor’s program or some type of software-as-a-service provider, and that company is targeted, your day-to-day operations are likely to be impacted.
Steps for cybersecurity protection
As the authors of the aforementioned Harvard Business Review article noted, protecting your company from cyber attacks is a “long game requiring sustained strategic investment.” There are no quick solutions or instant fixes when your business is affected. They cite the example of oil giant Saudi Aramco, where an attack transformed 30,000 laptops into useless garbage in just seconds. To protect your systems, follow the steps below and consider cyber insurance to help cover costs of recovery should your systems be compromised by a cyber attack.
1. Defend your system
Start by strategically building a protection plan for all of your IT systems. Identify what is most vital to your business and put controls around those assets. For example, in your organization, financial information or client data might be the most crucial aspect of your business. A hierarchical list of what is most important to your organization will give you a roadmap to building your cyber defenses. And, when you build those defenses, think in terms of layers. A great analogy is to think of each layer as a slice of Swiss cheese. Even though each piece has holes, covering those holes by stacking slices atop one another creates a solid wall of cheese.
2. Prepare for the worst
Work with IT and cybersecurity experts to develop plans for your response to cyber attacks. Think about a worst-case scenario and ask yourself, how would you react if your business were to succumb to a ransomware attack or business email compromise? Having a plan before the attack happens will mitigate loss and allow your company to recover more quickly. While engaging a trusted cybersecurity provider to help you may be costly, it can be an excellent investment to help you stay in business.
3. Develop good cybersecurity habits
You can have the best technology available, but all of it comes with a fatal flaw: it's operated by humans. You and your team are on the front lines of cybersecurity. A significant share of cyberattacks succeed because an employee unwittingly made a mistake, whether that's responding to a phishing email or giving someone who shouldn't be trusted access to technology. Educating employees and clients about cyber attacks and common practices is a good step, but establishing processes and procedures that include security checks helps even more.
Other basic steps that can protect your company include sound password management, such as making sure employees choose tough-to-crack passwords, and implementing multi-factor authentication. Some of those steps may seem to be small, but when combined with other strategies, they can provide a much greater degree of protection, so bad actors from a war that’s thousands of miles away can’t inflict damage on your business.
Disclaimer: Please note, Oak Street Funding does not provide legal or tax advice. This blog is for informational purposes only. It is not a statement of fact or recommendation, does not constitute an offer for a loan, professional or legal or tax advice or legal opinion and should not be used as a substitute for obtaining valuation services or professional, legal or tax advice.