In a cybersecurity landscape already reeling from the pandemic, the military conflict between Ukraine and Russia has sent a clear message to companies with a weak cybersecurity strategy. Corporate security and intelligence teams have reported an uptick in cyber investigations, and both the US Cybersecurity and Infrastructure Security Agency and the European Central Bank have issued warnings about potential Russian intrusions.
Increased Need for Cybersecurity
The military conflict in Ukraine has led to a substantial change in the approach to cybersecurity measures, with the first signs of scammers exploiting the crisis being detected as early as February 25th, 2022.
Russia’s invasion of Ukraine has prompted at least two important changes in the cybersecurity ecosystem. First, it has shown how the online environment can be used in a real conflict, from both the attacker’s and the defender’s perspectives. It has also demonstrated how sufficient preparation in advance can help when dealing with a military power like Russia and outlined what are targeted in a military conflict. Secondly, the war in Ukraine has put many NATO countries in the crosshairs of cyberattackers, tested their infrastructures and exposed some of their vulnerabilities. The DDoS attacks rendered the websites of some institutions inoperable for several days. Montenegro, Estonia, and new NATO candidate Finland are just three of the countries being hit hard by sophisticated cyberattacks.
Recently, Ukraine’s CERT-UA uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. Hackers leveraged a specific version of the Somnia ransomware, which doesn’t include a way to decrypt data. The group called FRwL has been launching similar attacks against Ukrainian targets since the spring of 2022. But this time the ransomware is different, as it uses AES instead of the 3DES algorithm to encrypt files with a variety of extensions, CERT-UA said in a statement.
Growing Investment in IT Security
First and foremost, organizations need to invest in security technology and systems. These systems should be able to detect and prevent attacks before they even happen. Secondly, they must release financial resources to strengthen their security posture. This means hiring additional IT staff knowledgeable about cybersecurity threats, purchasing appropriate software protection tools, and implementing strong password policies and guidelines.
A recent survey by Gartner revealed that spending on information security and risk management products and services is expected to grow 11.3% to more than $188.3 billion in 2023.
“Cloud security is the category forecast to have the strongest growth over the next two years. As organizations increasingly focus on ESG, third-party risk, cybersecurity risk, and privacy risk, Gartner forecasts that the integrated risk management (IRM) market will show double-digit growth through 2024, until greater competition results in cheaper solutions. Security services including consulting, hardware support, implementation, and outsourced services are the largest category of spending, at almost $72 billion in 2022, and expected to reach $76.5 billion in 2023”, according to a statement.
No one Is Left Out
Reports from cybersecurity companies indicate that attacks focused on social engineering, phishing, and mobile platforms have increased this year. The primary goal of these cyberattacks is to get users to voluntarily install malware, making it easier for attackers to collect their personal information. Security experts predict that these types of threats will remain prevalent in the near future. As security measures become more effective every year, hackers are targeting the next weakest link: average users who are not well-informed about online safety or don’t know how to protect themselves from malicious threats.
Hacktivists Exploit Post-Pandemic Vulnerabilities
The pandemic forced most companies to allow their employees to access information and platforms that would normally only be accessible within the company’s premises. In many cases, sensitive data has been exposed, because these platforms weren’t adequately tested from a security point of view.
In this context, we can’t ever talk about relaxing security measures adopted by companies or home users. Internal security processes need to be constantly reviewed and adapted to keep pace with the technological changes that companies are undergoing.
Conclusion
As outlined in this article, the crisis in Ukraine has taught businesses that they need additional security measures that were not necessary before the pandemic. Cybersecurity threats will continue to increase, as hackers are targeting both businesses and individuals. To prevent these attacks from succeeding, companies must invest in adequate security measures that can cover all parts of their network. In addition, employees must be trained on how to defend themselves against cyberattacks.
