Third-Party Breach and the Ukraine Conflict
On January 11, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) issued a joint warning, advising organizations of the increased risk resulting from the conflict in Ukraine.
Specifically, the joint advisory warned of Russian state-sponsored tactics by threat actors to infiltrate third-party software and infrastructures via custom-built malware designed to gain access without detection.
This joint Cybersecurity Advisory strongly encourages organizations to be on high alert and to implement the following security mitigations:
- Be prepared. Confirm reporting processes and minimize personnel gaps in IT/OT security coverage. Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.
- Enhance your organization’s cyber posture. Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
- Increase organizational vigilance. Stay current on reporting on this threat. Subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.
Gartner claims the Russian invasion in Ukraine has accelerated the possibility of a breach in four key areas and advises enterprise risk management (ERM) teams to reassess their organization’s risk models and continually monitor the following areas of risk:
- Talent Risk. Productivity could be impacted in a variety of ways, including those employees who have family in war-torn regions. In addition, a vast amount of IT talent resides in the countries affected by the war.
- Cybersecurity Risk. Evaluate the protocols you have in place to ward off malware attacks. And don’t wait for a cyberattack to clearly define your high-value assets and your response plan.
- Financial Risk. Gartner recommends that all ERM leaders stay in close communication with third-party vendors. If financial data is exposed during a breach, an alternate method of sending and receiving payments will need to be made.
- Supply Chain Risk. With the current unpredictable environment, ERM leaders should ensure that their organizations have updated supplier contingency plans in place. Material shortages and higher expenses might be on the horizon, and ERM leaders need to determine now how to deal with these shortcomings and not rely too heavily on a single supplier.
As a result of all this uncertainty, President Joe Biden signed the Strengthening American Cybersecurity Act into law in March 2022. It is still unclear which businesses will be subject to the Act, but those considered “critical infrastructures” will be required to report a substantial cyberattack to CISA within 72 hours, and organizations that pay off a ransomware attack will be required to report this action within 24 hours.
When an Attack Occurs
These new recommended practices signal an important change in the way businesses need to think about, prepare for, and respond to cyberattacks. Now more than ever, breaches can impact the entire country, not just a single business.
In the event of a cyberattack, the joint Cybersecurity Advisory recommends that organizations take the following steps:
- Isolate any affected systems.
- Secure backup data in an offline environment and scan the data with antivirus software.
- Investigate the source of breach by analyzing logs and artifacts, and identify the penetration level.
- Solicit a cybersecurity firm specializing in breach that can help identify areas of remediation.
Every organization must be diligent in amping up its cybersecurity forces in order to win the war on third-party breach. The above practices are more important now than ever as the Ukraine conflict heats up and threats from cybercriminals increase.
Try ThreatScape Free for 30 days
Sign up for a demo of the ProcessBolt platform, which includes a customized walkthrough of ThreatScape, and you’ll receive a one-month, fully functioning subscription to ThreatScape. Load your domains into the platform and watch as ThreatScape alerts you to potential vulnerabilities you never knew you had.