The Cyber Cold War: Understanding the Russian cyberattacks, and the strategy to defend against them

The current cyber conflict between Ukraine and Russia is intensifying by the day. As state-sponsored Russian cyberattacks increase, just how big is the risk to business, and how can you defend against it?



Show More

This is a contributed article by Sami Knuutinen, cybersecurity expert, LogPoint.

Russian state-sponsored cyberattacks have wreaked havoc across the globe, and they show no sign of slowing down. Russian hackers are waging a campaign of espionage and cyber terror against the Ukraine, with the most recent crime on January 14, wiping vital government data and knocking out government websites, including the ministries of education and foreign affairs. Tensions are at an all-time high between the two countries, and governments around the world are bracing themselves amidst fears that these data breaches in the Ukraine are simply a testing ground for future attacks.

While the daily news updates on these Russian cyberattacks are certainly sobering, organisations are not entirely helpless. Government, corporate, and financial leaders can take immediate steps to prepare their IT infrastructure and their employees to withstand potential attacks.

Russian state-sponsored attacks aren’t your typical data breaches

The state-sponsored Russian cyberattacks are more dangerous than the typical threats organisations experience, as they employ highly destructive spear phishing campaigns as opposed to the phishing methods that are more familiar to the public. For example, general phishing attacks are easily recognisable and therefore more easily avoided by even the most novice technology users. These fraudulent emails usually include disjointed language that has obviously been translated with a free translation app.

However, spear phishing campaigns are highly targeted. The cybercriminals behind them are supported by organised groups who have the resources, manpower, and experience to do real damage. They perform rigorous research into their targets, allowing them to craft messages that are tailored to manipulate the recipients into clicking a dangerous link, or downloading ransomware. These attacks can also be an act of subterfuge to simply test out an organisation’s defenses in preparation for a larger data breach in the future.

Russian state-sponsored cyberattacks are ultimately a form of highly sophisticated espionage, as opposed to opportunistic phishing campaigns that cannot do nearly as much damage. If general phishing is a random mugging, Russian spear phishing attacks are a highly calculated bank heist.

The damage these breaches cause can be severe. It’s estimated that a single data breach costs companies on average $4.24 million  in 2021, while the global cost of cyberattacks is projected to reach $10.5 trillion annually by 2025.

Protecting your organisation requires a holistic approach

Luckily, organisations aren’t left defenseless. CISOs can protect themselves from these aggressive cyberattacks by taking a measured two-pronged approach that requires minimal investment and can be implemented right away: awareness and technology.

Security and IT leaders should aim to foster a culture of security awareness to ensure cybersecurity remains a deeply engrained organisational value that is always top of mind. This includes regular educational sessions to train employees on how to identify and respond to potential threats, even highly stealthy spear phishing emails. CISOs can also develop a reporting structure to ensure all stakeholders are well-informed of the organisation’s cybersecurity status at any time.

While cybersecurity education is important, it must be supported by data-powered technology. For a proactive approach, two-factor authentication on all devices is critical, especially as the workforce continues to work remotely over the cloud. Routine penetration testing can also be performed to locate potential gaps in IT infrastructure. These strategies can provide a robust defense against cybercrime.

Responding to a cyberattack the right way

Unfortunately, even the most proactive organisation can experience a data breach. This isn’t necessarily a failure on the part of any one person, rather just an unfortunate byproduct of the current digital climate, and a measure of the intelligence and resources behind these attacks. However, having the right advanced technology in place empowers organisations to react quickly and effectively to minimise damage.

Artificial intelligence has proven to be a crucial tool when identifying and responding to targeted cyberattacks. Monitoring solutions such as security information and event management (SIEM) and user and entity behavior analytics (UEBA) leverage powerful machine learning capabilities to identify threats by first establishing a baseline for IT infrastructure, and then searching through millions of daily events for anomalies. Should a data breach be discovered, automation solutions like security orchestration, automation, and response (SOAR) can immediately begin to triage the situation with analysis and countermeasures.

By integrating these technologies within a single pane of glass, IT leaders gain a holistic view of their digital environments – from servers to network devices, to data centers and endpoints, and more – allowing them to operate more efficiently and react quicker to breaches. Once the situation has been mitigated, cybersecurity experts can then take the time to analyse the attack and take steps to avoid exposure in the future.

Security and IT leaders can take a stand against state-sponsored cyberattacks

The geopolitical landscape has made state-sponsored cyberattacks an unfortunate reality for many organisations. But the right strategy can provide holistic, data-powered protection to keep these instigators at bay. Through comprehensive education and technology, organisations can bolster their defenses for improved cybersecurity outcomes.

Sami Knuutinen advises security and IT leaders on best practices to accelerate cybersecurity and business transformation. Based on more than 15 years of experience in the cybersecurity industry, he offers unique insights into the challenges enterprises and organisations face in keeping their infrastructure secure and safeguarding valuable data. At LogPoint, Knuutinen is responsible for designing and proofing cybersecurity solutions across the Nordic market, supporting the LogPoint teams in Finland, Sweden, Norway, and Denmark.