Skip to content
Tiatra, LLCTiatra, LLC
Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact
 
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact

Corporate defenses must step up to meet a changing geopolitical landscape

When the world learned that Russia had invaded Ukraine in late February, outside observers expected a heavy dose of cyberattacks to play out in the invasion’s tactics. But to many people’s surprise, the cyber-attacks have been limited and targeted rather than widespread. Russia certainly has demonstrated its cyber power and capabilities in the past; a key example was the 2016 incident in which Russian hackers took out Ukraine’s power grid. 

So why hasn’t Russia madelarge-scale cyberattacks a top priority over the last five weeks? 

We know that the GRU (aka Russian Main Intelligence Directorate, not the character in Despicable Me) was involved in the Disruptive Denial of Service (DDoS) attacks against the Ukraine financial sector in mid-February. Another cyberattack, as reported by The Washington Post, hinted that Russian military spy hackers attacked a key satellite broadband service. According to U.S. intelligence experts, this cyberattack did cause a disruption in Ukraine’s military communications efforts last month.

Are more cyberattacks coming?

In preparation for an escalation of cyberattacks on U.S infrastructure, the White House put out a statement that suggested Russia could conduct malicious cyber activity against the United States. The White House urged each at-risk U.S. company to “harden its cyber security defenses … to strengthen the cybersecurity and resilience of the critical services and technologies Americans rely on.” 

Despite these fears and expectations, little serious activity has occurred.  One reason is the Russian government and military assumed that victory would be straightforward and swift, and physical force would be the only means necessary.  As a result, cyberattacks, and their complex planning and implementation, would not be required. 

A second scenario is that even as the war has dragged on, restraint in the area of cyber warfare has prevailed.  A major Russian cyberattack against the U.S or NATO would potentially lead to engaging these formidable forces in a much more meaningful way.  

Another school of thought is that our defenses are actually better than many people assumed.  Beyond the U.S. and our NATO allies, even the Ukraine’s defenses are much more solid than they were six years ago. Ukraine spent time and money to shore up its cyber defense structures in the aftermath of their past experiences with Russian hackers attacking their power grid in 2016.  

Some have also speculated that the crowdsourced force of cybersecurity talent both inside and outside of Ukraine have helped provide a level of protection against Russian attacks.   At the same time, we know that a large number of hackers have come together to aid the Russian effort.  

It is this group of unorganized, decentralized, hackers that have likely created the most activity over the past month and a half, and will continue to do so.  However, it is the organized, advanced cyber weaponry of a government-backed entity that could create the greatest damage. And it isn’t just Russia we should be looking at, considering there is evidence to suggest China coordinated hacking attempts on over 600 websites belonging to the defense ministry in Kyiv along with medical and education institutions leading up to the invasion.

Many experts would say that more attempts are still coming, that advanced attacks take extensive planning, coordination, and implantation time, and that they are still being formulated against us.

So no matter which scenario or scenarios hold true, CISOs need to stay more vigilant than ever to protect against these threats emerging from both the hacker community and government-backed organizations.

Protect the network and cloud systems

Planning for a potential worst-case scenario is always top of mind for those who work in security roles – now more than ever.  While there are many attack vectors, one logical and straightforward strategy would leverage compromised credentials from key employees of your organization. The adversaries have unfettered access to your systems and can go after your internal or cloud-based infrastructure, taking it offline. 

How can you better protect your firm against such an attack? Consider these four practices:

  1. Make sure you have your employees’ identities and access control credentials locked down to the greatest extent possible.  Hopefully, two-factor or multi-factor authentication is already in place. Two-step or multi-step authentication can better protect your firm against exposed credentials being put to harmful use. 
  2. Enforce the need for employees to frequently reset their passwords to ensure that compromised passwords no longer work. 
  3. Review your incident response playbooks and processes. Many companies have deployed SOAR solutions to help with incident response. It is critical to run drills or tabletop exercises with your teams to make sure you can effectively respond when an attack occurs. 
  4. Information sharing with partners and peers must become standard practice. CISOs need to consider sharing threat data and best practices with these external organizations. We have talked about this issue for years, and there is still a great deal of reluctance. Protecting your industry, company, and country should outweigh the fear of disclosing problems. 

Several different industry organizations are involved in data sharing, like IT-ISAC and ISAOs, but this activity can also take place on a more grassroots level. For example, you can set up a private Zoom call with a few peers in the industry to share information. You’ll be surprised with the knowledge you’ll gain and how eager some are to share what they know in this area. 

Some experts have called for more (or less) government intervention in cybersecurity matters. However, I think that’s a topic for another article. 

In the meantime, we as industry leaders need to step up our corporate defenses and keep tabs on our partners for new and evolving security risks. It can only help us as information architects to build the most powerful framework against any possible cybersecurity risks. 


Read More from This Article: Corporate defenses must step up to meet a changing geopolitical landscape
Source: News

Category: NewsApril 6, 2022
Tags: art

Post navigation

PreviousPrevious post:3 Patterns for Business Success with DataNextNext post:CIO Leadership Live with Aswin T. Utomo of Tokopedia

Related posts

Barb Wixom and MIT CISR on managing data like a product
May 30, 2025
Avery Dennison takes culture-first approach to AI transformation
May 30, 2025
The agentic AI assist Stanford University cancer care staff needed
May 30, 2025
Los desafíos de la era de la ‘IA en todas partes’, a fondo en Data & AI Summit 2025
May 30, 2025
“AI 비서가 팀 단위로 지원하는 효과”···퍼플렉시티, AI 프로젝트 10분 완성 도구 ‘랩스’ 출시
May 30, 2025
“ROI는 어디에?” AI 도입을 재고하게 만드는 실패 사례
May 30, 2025
Recent Posts
  • Barb Wixom and MIT CISR on managing data like a product
  • Avery Dennison takes culture-first approach to AI transformation
  • The agentic AI assist Stanford University cancer care staff needed
  • Los desafíos de la era de la ‘IA en todas partes’, a fondo en Data & AI Summit 2025
  • “AI 비서가 팀 단위로 지원하는 효과”···퍼플렉시티, AI 프로젝트 10분 완성 도구 ‘랩스’ 출시
Recent Comments
    Archives
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    Categories
    • News
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Tiatra LLC.

    Tiatra, LLC, based in the Washington, DC metropolitan area, proudly serves federal government agencies, organizations that work with the government and other commercial businesses and organizations. Tiatra specializes in a broad range of information technology (IT) development and management services incorporating solid engineering, attention to client needs, and meeting or exceeding any security parameters required. Our small yet innovative company is structured with a full complement of the necessary technical experts, working with hands-on management, to provide a high level of service and competitive pricing for your systems and engineering requirements.

    Find us on:

    FacebookTwitterLinkedin

    Submitclear

    Tiatra, LLC
    Copyright 2016. All rights reserved.