Are We Ready?
As our thoughts turn to the people of Ukraine this week, many security providers are re-living their experience with the global cyber-attack, NotPetya. In 2017, an attack on tax preparation software in Ukraine unleashed NotPetya, crippling operations across the world and costing billions. Ukraine has experienced debilitating cyber-attacks for years due to geopolitical conflicts. With added uncertainty returning to the region, cybersecurity risks loom. To be ready for them, security providers must proactively conduct risk assessments of their products and services in light of the growing geopolitical instability.
To be clear, we must leverage learnings from NotPetya about the interconnectedness of assets and the software lifecycle for both enterprise IT and operations. Additionally, the breadth of the previous attack left security service providers under-prepared and with limited operational expertise. So now security providers must ask the question, “Are we ready?”
7 Imperatives for Security Providers In Geopolitical Uncertainty
Security providers must step up their abilities and be ready to scale up to help end users. Service providers can start demonstrating value today by doing the following:
1. Break down walls, look across your organization, and be prepared to form Tiger Teams if needed to address issues quickly for the end users you serve. Develop a contingency plan now that identifies the right expertise from all corners of your organization to join Tiger Teams to serve clients’ needs proactively.
2. Identify and know your clients’ high-value assets upfront and talk with them about operational priorities and geopolitical risk factors. This will help you further plan which resources are critical to service end-user needs.
3. If available, leverage digital risk protection platforms to scan the dark web and social media for potential threats. To maximize the intel gathered, develop or revisit communication plans internally and externally.
4. Conduct red teaming and purple teaming exercises using NotPetya as a roadmap, closely reviewing and leveraging the lessons learned.
5. Redeploy industry expertise to help clients with business continuity planning and disaster recovery. Many of us have vertical expertise sitting in various lines of business aligned to existing service offerings. You will need to harness this talent in the next days and months.
6. For MDR providers: the labor market is tight, so you need to review your current resource plans for scalability, ensuring the right mix of operational and IT security expertise.
7. Examine software bills of materials (SBOMs) for hidden risk by working with geopolitical experts. Cybersecurity expertise is not enough; thinking about cyberwarfare requires geopolitical context. Political scientists, sociologists and national security experts are part of the team.
The key to success will be your ability to scale and connect the dots to operational risk. If you are thinking in terms of network security alone, you will miss the boat.
Finally, think about cyber-attacks with operational impacts that exploit the cyber/physical domain. While enterprise assets often offer a treasure trove of data to common bad actors seeking to monetize cybersecurity vulnerabilities, geopolitical actors have been learning and gathering intel across operational and critical infrastructure targets for years. If a cyberattack is imminent, your efforts will need to span a variety of assets quickly to avoid disruption.