With Ukraine and Russia bringing their conflict to cyberspace, individuals, organisations, and governments beyond the borders of the two countries can also end up getting caught in the crossfire.
According to the Singapore Cybersecurity Agency (CSA), the participation of non-state actors in targeting digital infrastructure increases the risk of broadening and escalating the conflict. The CSA has documented how these private individuals and groups have taken part in the conflict on either side.
With other governments having launched cyberattacks against individuals and companies in the past, there is a risk that companies, other organisations, and entire countries could be indiscriminately targeted in retaliation. Cybercriminals using the conflict as a pretext for their activities pose an additional threat.
Better protection with NDR
Due to this, the CSA has issued guidelines to strengthen a company's cybersecurity posture. The recommendations include:
- Enabling multi-factor authentication for all remote and administrative access to systems
- Downloading the latest patches of their cybersecurity solutions
- Updating all systems, applications, and software
- Closely monitoring network traffic for suspicious communications and data transmissions.
The last point is noteworthy considering how log-based and agent-based solutions create visibility gaps in a company's digital infrastructure which can be exploited by threat actors. These result in longer "dwell times" before the threat is discovered, increasing the likelihood of damage to valuable assets.
In comparison, network detection and response (NDR) solutions achieve full visibility throughout a company's entire digital infrastructure. Threats are unable to exploit visibility gaps because data traffic is monitored, not individual assets within the infrastructure.
Best-in-class NDR systems utilise machine learning and AI to continuously identify normal behaviour within systems and flag suspicious activity in real time. Together, these features enable faster threat detection by up to 50%, as well as faster threat resolution by up to 86%.
IT and business must work together
However, as geopolitical tensions continue, it has never been more important for organisations to foster better collaboration between IT and the rest of the business, with constant communication as a two-way process.
Senior managers need to ensure that the importance of strong cybersecurity is understood across the board. IT security teams need to be given full support and the level of resourcing they require to effectively carry out their roles.
Senior managers must achieve full visibility in the following key areas to support and empower their IT security teams:
- The organisation's existing security posture:
Many businesses have governance structures that require periodic reporting, but having a picture of their existing security posture at the granular level will enable them to fully support their security teams.
By being briefed on their organisation's strengths, weaknesses, and plans to address the latter, executives can provide IT with the resources it needs to withstand cyberattacks.
- The organisation's planned responses:
Executive leadership teams should also be fully briefed on their incident response, crisis management, and business continuity plans.
A full understanding of employee roles at all levels will enable leaders to minimise operational disruptions if an attack takes place. Incident response plans should also include assessments of each department's response readiness and be made available for the full executive team.
- The organisation's entire security infrastructure:
Other aspects that require full visibility on the part of senior managers are:
- Policies regarding security software updates. Patches and updates should be deployed as soon as possible, especially in the Asia Pacific (APAC) region, where 54% of organisations last updated their cybersecurity infrastructure two years ago. Worse, 20% last did so three years ago. Up-to-date software is a key pillar in any security strategy.
- How frequently critical systems and data are backed up, how quickly the former can be restored in the event of an attack, and the measures to protect backups from compromise.
- Which identity management (IM) and multifactor authentication (MFA) tools and processes are being used, and their levels of operational readiness.
- How the organisation monitors, manages and protects endpoints: traditional ones such as servers and PCs, as well as Internet of Things (IoT) and mobile devices.
- Risk management strategies for organisations that use public-cloud applications and infrastructure.
- Security teams' effectiveness levels in detecting, addressing, and investigating potential cyberattacks.
Remember the wider security ecosystem
As senior executives undertake this thorough communication with their IT teams, they should also remember there is a wider ecosystem of parties involved in achieving effective security.
This includes systems integrators, managed services providers, channel partners, and technology vendors. Each brings a different element to the mix and all play an important role in ensuring security is as robust as possible.
As businesses turn to multi-cloud and hybrid-cloud solutions at increasing levels, the attack surface for cybercriminals and the potential damage they can inflict on organisations also increase.
Business leaders should achieve full visibility of their organisations' entire security posture and infrastructure as soon as possible and implement preventative steps to avoid significant disruption and damage in the future.