Cyber Security

Sheila Pancholi on responding to the geopolitical cyber threat

How to protect your business during the Ukraine crisis

As the tragic events in Ukraine unfold, their impact is being felt across the globe. The crisis will affect the already turbulent cyber threat landscape. The UK’s middle market needs to act now to protect itself from what could be coming. 

Why is this such a dangerous threat? 

The rapid growth of, and reliance on, foreign technology – such as outsourcing a business’s digital functions – has had a significant effect on national security. Geopolitical tensions have already had consequences for technology and digital spaces, particularly when it comes to spreading misinformation and disinformation. 

Cyber criminals prey on the vulnerable during times of disruption, as we saw during the coronavirus pandemic. As the world, once again, enters into a period of considerable unrest and economic uncertainty, it is a perfect storm for increased cyber-attacks. Organisations will have to stay up to date with the complex regulatory and cyber-threat environment they operate in. 

The UK National Cyber Security Centre (NCSC) has confirmed it is not aware of any specific threats to UK organisations. However, it has confirmed that there was a Distributed Denial of Service (DDOS) attack by Russia on a Ukrainian financial services firm in early April 2022.

The decision to remove Russian access to the Society for Worldwide Interbank Financial Telecommunication (SWIFT), the global financial artery that enables the quick and seamless transfer of money across borders, could have a significant impact on UK businesses. Russian cyber-criminal gangs could decide to make UK organisations a high priority target in retaliation for the sanctions against Russia.

What should businesses be doing?

The NCSC has identified a list of typical vulnerabilities that Russian hackers are known to exploit. The list includes DDOS and ransomware attacks. Organisations have been advised by the Computer Sciences Corporation (CSC) to bolster their defences and focus on ensuring that fundamentals are in place.

Here are some of those fundamentals that your business should consider:

  • Understanding your exposure by doing a threat and risk assessment. Include the typical vulnerabilities along with any data exchanges with the region, but also consider political exposure based on your investments, customers and stakeholders.

  • Doing a threat and risk assessment of your outsourced functions and third-party providers on any offshored development work performed near Russia or Ukraine.

  • Treating your cyber-incident response preparation as a focus point. Tailor scenarios according to the current threat and risk landscape, and consider key risk areas such as insider threat, supply chain security, ransomware and malicious actors.

  • Developing a more proactive and aggressive approach to patching systems during this period, and delaying any significant system changes that could introduce new vulnerabilities.

  • Considering an extension to the operating hours of your security team or Security Operations Centre (SOC).

  • Getting to know your cyber-insurance policy. These typically contain exclusions applied during times of ‘warfare’ or to ‘acts of God’. Consider the specific implications for your business and identify steps you could take to mitigate any damage. 
Image - RSM UK, The Real Economy: Cyber Security Report 2022

Cyber Security report 2022

Image - RSM UK, The Real Economy: Cyber Security Report 2022

The changing cyber threat landscape presents a serious risk to the middle market. Explore the key threats to the middle market and what businesses are doing to protect themselves in our cyber security report. 

Explore more
Sign up for latest updates

Receive the latest updates on The Real Economy

Sign up for latest updates

Sign up here to stay updated with all the newest insights from The Real Economy.

You will be first to receive all our Real Economy content including topical reports, insights into the Middle Market Business Index and our related podcast episodes.

Sign up now