Ukraine conflict spotlights business need for cyber resilience

What the world saw Thursday: a land, air and sea attack by Russian forces into Ukraine. What enterprise IT executives heard: cyber risk is level red.

Modern IT and supply chains are interlinked, and recent attacks have shown the potential financial and physical consequences. Military operations and cyberattacks Wednesday on Ukrainian government agencies and high-profile companies telegraphed a clear and present danger, especially for infrastructure and global businesses.

"Ukraine has been the target of past and ongoing episodes of disruptive cyberattacks, which governments and cybersecurity experts have attributed to the Russian government," according to a research note from Moody's Investors Service. The firm is concerned over the consequences of a digitized and interconnected IT ecosystem, which — in the event of an attack — can trickle across sectors and geographies.

Information sharing and cross C-suite communication can help decrease cyber risk. Security research firms are also watching for the spread of a destructive data wiper malware.

"Organizations need to lower their thresholds for escalating anomalous activity and sharing that information with the government," said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, speaking Friday before the Aspen Institute.

Experts are on alert for cyberattacks because of past disruption from the NotPetya malware strain, which initially targeted organizations in Ukraine. The malware attack led to billions of dollars in damages for companies internationally.

"I definitely would consider that a watershed event, not just from the cyberattack perspective," said Luke Tenery, partner at global advisory firm StoneTurn. "We obviously saw what a nation state could do on a number of levels. That incident caused ripple effects also across broader industry, disabling a number of global organizations that impacted supply chain, and other aspects of how business gets done."

What risk preparedness looks like

In cybersecurity, prevention and rapid security response starts with information.

"CIOs that are able to not just consume the information, but then integrate it to make it part of how they manage risk are the ones that are going to do probably the best out of all this," Tenery said.

For firms sourcing IT from providers in the region, it is critically important to review communication frameworks and have an ongoing review of how the crisis could impact operations.

"No. 1 is communication," said Stanton Jones, director and principal analyst at ISG. Senior leaders from supplier and buyer side need to have regular communication to ensure continuity."

In the face of live fire in Ukraine and decaying diplomacy, firms should have fallback plans to ensure continuity.

"There absolutely is a geopolitical threat, and obviously it appears to be worsening very quickly," said Jones. "But many of these firms are well prepared for it and have either started moving work out of the country, or moving teams out of the country."