The Russian invasion of Ukraine could lead to involvement from NATO, U.S. troops and advisors. This involvement could end badly with the Russians seeking ways to retaliate against intervening nations. One likely response to a Russia-U.S. standoff over Ukraine is cyber-attacks committed by Russian-backed hackers against a wide range of U.S. targets, to include commercial, financial, and government entities. Cyber-attacks like these can be multi-pronged, widespread, and have catastrophic impact on their primary targets along with secondary and tertiary fall-out. Historically, state-sponsored cyber-attacks have not been limited to military or strategic targets. Instead, they exploited targets of opportunity across a wide breadth of corporate, government, and private entities. Their goal is to erode national security, cripple financial institutions, and exploit vulnerabilities in national infrastructure.
This would not be the first time the Russians have promulgated a wide-scale cyber-attack as a backlash to Ukrainian conflict. In 2017, a major global cyber-attack was launched utilizing ransomware called “Petya.” Although infections were detected throughout France, Germany, Italy, Poland, the United Kingdom, and the United States, most infections targeted the Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. Experts believed this was a politically motivated attack against Ukraine since it occurred on the eve of the Ukrainian holiday Constitution Day. The White House assessed the total damage of the Petya attacks to more than $10 billion. Russia has repeatedly shown its intent and capabilities to conduct effective cyber-attacks on U.S. targets, mainly through surrogate or organized crime-related groups in Eastern Europe or from within Russia.
Cyber-attacks at all levels are not a new phenomenon, nor do the Russians have a monopoly on them. As these attacks have become commonplace, families, family offices, and companies should have made reasonable preparations to be ready. The global impact of an imminent Russian-Ukraine clash is the type of event that proactive cyber planning and mitigation efforts should consider and war-game against. If family offices, executives, and companies have not taken this kind of event into account, they should take the time now to prepare for both a direct attack on their own businesses and/or indirect risks triggered by a widespread distributed denial-of-service (DDoS) attack on critical services and infrastructure.
Here are some specific actions that family offices, executives, and enterprises can take now to help them weather this potential cyber storm:
- Conduct a thorough cyber audit of your home, office, and company’s network security infrastructure, including servers, routers, and WiFi accounts and devices. If you do not have in-house IT capabilities, look for a cybersecurity firm that will conduct on-site cyber assessments and technology reviews and provide comprehensive, dynamic cybersecurity solutions that will evolve in response to recognized threats.
- Consider all your family and business information as critical. This includes credit card and banking details, client transaction data, and Personally Identifiable Information (PII) such as dates of birth and SSNs. These should be kept as private and confidential as possible. To protect them against malicious intent, data should be safeguarded through network and data encryption, secure storage to prevent unauthorized access, and multi-factor authentication for all users.
- Whenever possible, remove Personally Identifiable Information (PII) from the Online Data Aggregators and monitor the Dark Web for PII breaches and exposure. There are companies that provide these services as part of comprehensive privacy and security packages.
- Use strong passwords, antivirus software, and reputable hardware and software with current settings in concert with up-to-date patching to provide a solid defense against cyber attackers.
The best offense is a good defense, particularly when cybersecurity is involved. Take the necessary steps now to protect your most critical assets.
About the Author
Kris Coleman serves as Founder, President and CEO of Red Five where he supports private families, family offices, corporations, and security teams with holistic solutions to ensure their privacy, security, and resiliency. In 2020, Kris authored Raise Your Resiliency: You, Your Family and Your Business Can Achieve Resiliency in an Uncertain World . In 2021 Kris launched REAL Experiences, the world’s number one adventure and resiliency training experiences for families and executives.