New Cybersecurity Risks: Russia-Ukraine Conflict

new cybersecurity risks

Russia’s strong cyber forces are preparing a fresh round of cyber-attacks on Ukrainian and western resources. These include, among others, finance, energy, and communications infrastructure. These new cybersecurity risks have the potential to affect everyone.

Conflict in Ukraine, whether cyber, conventional, or hybrid, will have far-reaching ramifications for business. As a business leader, you’ve probably been thinking about the risk to people, supply chains, and operations. The White House was previously warning of supply-chain vulnerabilities due to the reliance on Ukrainian neon.

Russia exports components for the manufacture of jet engines, semiconductors, agriculture, autos, and medicines. With the Covid-19 epidemic already stressing US supply lines, adding another shock is concerning.

However, if you are just now looking into the new cybersecurity risks, then you’re probably too late. Effective cyber defense is a long-term strategy, not a last-minute add-on.

Ukraine’s conflict poses possibly one of the greatest serious cybersecurity risks and is a threat to US and Western firms. Recent CISA warnings on Russian cyberattacks on U.S. vital infrastructure have been accompanied by recent CISA warnings on Russian cyberattacks on U.S. networks.

Sanctions and market disruptions, according to the ECB, will bring retaliatory Russian cyber assaults. Ukrainian government systems and banks have been the target of recent cyberattacks.  In addition, vigilant US corporations have seen a sharp spike in cyber probing. They are seeing threat groups from the Russian government doing reconnaissance against U.S. industrial infrastructure. This includes important electric and natural gas sites.

Several large multinational security and intelligence teams say they are anticipating Russian intrusions and examining potential second and third-order consequences on their operations. Furthermore, some organizations expect an increase in attacks and frauds due to the Ukraine situation. So, what can leaders or businesses do when a cyber or IT issue quickly becomes a business issue?

First, dust off and test your business continuity strategies in light of new cybersecurity risks.

What would it be like to work for days, weeks, or months in an analog world? When a cyberattack hit Saudi Aramco, 30,000 laptops became paperweights in seconds. They can ask themselves, “How will I manage accounts, track inventory, or communicate with my offices and plants if my IT systems fail?”

Second, audit your supply chain.

Your company may become dependent on Ukrainian coders, software engineers, or hosted services. According to the Ukrainian Ministry of Foreign Affairs, over 100 Fortune 500 corporations rely on Ukrainian IT services. In addition, there are numerous Ukrainian IT firms ranking among the top 100 global outsourcing alternatives.

Third, collaborate and share with peers, vendors, and the FBI to detect and mitigate cyber threats.

Empower your teams to reach out to other firms’ cyber and intelligence teams, as well as federal and local government partners. In addition, ensure your teams are on the mailing lists of their area CISA and FBI field offices to get alerts and warnings. Furthermore, to develop a collective defense, share abnormal or harmful cyber activity with federal and local partners.

4.  Educate your personnel about risks, threats and cybersecurity.

Securing your network includes enabling multifactor authentication. This single factor reduces hacking risk by 99 percent. Fixing old flaws and creating secure passwords goes a long way toward keeping you and your data safe. In addition, recognizing that phishing is still the most common attack vector, is a vital part of security.

Finally, consider how cybersecurity affects overall business security and risk. IT security and geopolitical risk assessments must go hand in hand when dealing with cyber threats. Furthermore, Geopolitical, cyber, and physical security teams should operate closely together, not in silos.

Preparation for new cybersecurity risks is a must, even if it’s a bit late.

It’s too late to develop ties amid crisis. Communication and cooperation must be built before calamity occurs. Watch out for risk evaluations that emphasize proximity or presence. In a cyber battle, errant cyber gunshots or precision cyber sniper fire can harm innocent bystanders.

During a crisis, corporate resilience and business continuity strategies become critical. Furthermore, they require company-wide solutions. The threat of more war in Europe is growing. Therefore, it’s time to get out those contingency plans and see if they’re practical, current, and useful. It may be too late to do any amount of massive preparation, however, it’s not too late to look at the current options and see what’s possible.


No one in a global community can afford to stand by and pretend that nothing is happening. However, each of us can put our best foot forward and make the most of the time, energy, and resources available to us.