Ukraine War Alters Security Landscape for Orgs, ERM Leaders

  • Security Boulevard
  • published date: 2022-03-23 12:46:00 UTC


<p>Russia’s invasion of Ukraine and the resulting global instability the war has unleashed will have a lasting impact on the cyberthreat landscape, and will also require enterprise risk management (ERM) leaders to reassess previously established organizational risk profiles.</p>
<p>Two reports published earlier this month, one from Forrester focused on the overall cybersecurity readiness of organizations and one from Gartner targeted at ERM leaders, noted the need for a fundamental rethinking of IT security practices.</p>
<p>Gartner’s report targeted at least four key areas across which ERM professionals must reassess long-standing risk profiles: talent risk, cybersecurity risk, financial risk and supply chain risk.</p>
<h2>Russia’s Invasion Increased Velocity of Risks</h2>
<p>The report, “Responding to the Russian Invasion of Ukraine: A Guide for Audit and Risk Leaders,” also noted that Russia’s invasion of Ukraine has increased the velocity of many risks Gartner tracks quarterly in the analyst firm’s Emerging Risks survey.</p>
<p>In addressing cybersecurity risks, the report recommended an increase in tabletop exercises along with ongoing reviews of protocols to defend against ransomware and other malware attacks.</p>
<p>Gartner also recommended that ERM workers take the lead in defining high-value assets and developing a response plan, so that triage and decision-making are not made on the fly during an attack.</p>
<p>“As ERM leaders reassess their organizational risk models, they must also ensure a high frequency of communication with the C-suite as to the critical changes that require attention now,” Matt Shinkman, vice president with the Gartner risk and audit practice, said in a statement.</p>
<p>Regarding the heightened risks to supply chains, the report cautioned that ERM leaders must ensure their organizations update their supplier contingency plans to reflect the current environment.</p>
<p>Organizations with direct financial exposure to Russia should prepare mitigation strategies at more frequent intervals, and the report noted that ERM professionals should keep in close communication with third-party service providers regarding alternate payment plans that don’t violate current sanctions policies.</p>
<p>Talent risk is the fourth area that concerns ERM leaders, with the report pointing out the multiple layers of effects the war could be having on employees. These range from the topline risks to employees from the war itself down through second- and third-order effects, including employees with family and close friends at risk in the region.</p>
<p>“Internal communications addressing employee well-being and outlining counseling services will need to be carefully calibrated and distributed at a higher frequency,” the report noted. “At an organizational level, talent risks can manifest through productivity constraints in the affected region, as well as disrupting access to the large amount of IT talent concentrated in the countries impacted by the war.”</p>
<h2>Preparing for Increased Cyberattacks and Cyberespionage</h2>
<p>The Forrester report warned that CISOs in every industry should be preparing for increased cyberattacks and cyberespionage, a call that has been echoed by IT security firms and government agencies since the start of the conflict.</p>
<p>Among the key recommendations was investment in the breadth and depth of incident response capabilities, as well as creating and running simulations of targeted attacks, which should be varied by region.</p>
<p>The report also called for bolstering essential security defenses, specifically highlighting vulnerability and patch management. Organizations also need to take another look at their DDoS protection capabilities and incident response plans, and pay closer attention to device and software hygiene.</p>
<p>Assessing insider risk was also highlighted as a priority for organizations, and the report advised monitoring users who may sympathize with Russia and who have access to data or data systems that could be sabotaged.</p>
<p>“Russian operatives may also be reaching out to users to convince them to share authentication credentials or plant malware in your systems,” the report warned. “Have a plan to render useless any devices and data departing users may still retain.”</p>
<p>All of the above recommendations must be supported by clear and constant communication between security teams and executive management. These conversations should highlight the potential impact on the organization and the overall risk to the business.</p>
<h2>War FAQ</h2>
<p>With international news coverage heightening everyone’s alert level and contributing to a sense of instability and unease, it will be important for IT security leaders to develop a “Ukraine/Russia War FAQ” document for the board and executives.</p>
<p>“Whether you’re a government agency or retailer, you must prepare for a permanently changed threat landscape; no organization will be immune,” the report noted.</p>
<p>The Gartner and Forrester reports joined a steady stream of advisories rolling out as the fighting in Ukraine continues to raise the prospect of U.S. cyberattacks. In February, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory to help organizations detect and protect their networks from cyberattacks.</p>