Cloud Tech has caught up with Andrew Egoroff, Senior Cybersecurity Expert at ProcessUnity, to discuss the growing threat surrounding the Russia-Ukraine crisis and how to mitigate risks from third parties.
A business can implement great internal cybersecurity measures, but negligence from a third-party provider can have serious consequences. ProcessUnity specializes in helping businesses identify which suppliers have the lowest risk.
Egoroff explains: “We try and spread the philosophy of evaluating your third parties with the same controls you’re using for your internal network.” “If you consider third parties to be a point into your network, then it’s important that you have those kinds of controls.”
Most providers will already have carried out some assessment of their cybersecurity against an industry framework. If they haven’t, it may be time to consider another provider.
Egoroff has some additional tips for reducing the risk a particular supplier poses to your organization.
“Understand what data is in your internal network and what external third parties have access to, to determine the necessary controls,” Egoroff said.
“For example, if you have credit card data and your third party is accessing that data for any reason — that starts to determine the scope not only of your infrastructure but also the controls that need to be applied around that data set of third parties.”
Zero-trust models are increasingly being adopted. The idea behind zero trust is that implicit trust is removed and only the minimum access needed to perform assigned tasks is granted.
Egoroff believes that more organizations should adopt a zero-trust model and notes that the Russo-Ukrainian war highlights the need to do so.
“There has been a bug bounty issued by organizations on the Russian or Ukrainian side, asking people to find vulnerabilities to infrastructure, public services, those things,” Egoroff said.
“The term I’ve heard says that now is the first time in history that people can get involved in a war. Ensuring there is no trust is really enhancing or adding to that importance.”
The increased risks surrounding the conflict drive the need for robust cybersecurity measures.
“It’s not just a case of simply performing an assessment or running a security vulnerability scan and achieving a baseline level — it’s about constant checks to make sure that your infrastructure that your assets have been patched, the appropriate controls put in place, and any access to that data,” Egoroff explains.
“You need a platform like ProcessUnity that allows you to communicate with a lot of technology and have everything in a single pane of glass to facilitate and make those processes more efficient to make sure that you’re constantly checking all those different data points.”
Hackers on both sides of the conflict are getting involved – from independent actors to those with links to the state, and from individuals to larger collectives like Anonymous.
Western companies may be targeted for stating their opinions, offering support, suspending their operations, or simply because of their government’s support for one side. Egoroff believes that the conflict has increased global cybersecurity risk.
Egoroff said: “Nowadays, it’s easy to be a participant or victim of this process.”
Egoroff believes there is some comfort in the fact that businesses and individuals are now more aware of cybersecurity.
“Everyone is using MFA (Multi-Factor Authentication) for example, because a lot of these agents are using existing traditional ways to infiltrate places like social engineering and scams.”
However, Egoroff noted that there has been a huge increase in attacks against both the Russian and Ukrainian sides and that this will inevitably bleed over into attacks on Western companies and individuals.
NATO has been strategically vague about what kind of cyberattack would trigger a collective response under Article 5, but the danger is certainly there. Just as all it would take to seriously escalate the conflict is a missile that strays into NATO territory, all it would take is a cyberattack that spills over.
“If you take an example of the Russians accidentally or intentionally knocking down public services or power for a NATO-aligned country… If you think cyber warfare can have adverse effects – tangible ones that are quite real – then there’s no reason why it can’t escalate into a military response,” Egoroff commented.
Many security analysts predicted that a conflict with a powerful cyber actor like Russia would prompt the country to launch a major cyber attack within hours, let alone days or weeks. We’ve seen many fairly rudimentary DDoS attacks that took government websites and the like offline, but not really the kind of attacks on critical infrastructure that many expected.
One potential explanation for the lack of such a large cyberattack is the ever-present risk of prompting NATO to respond. We asked Egoroff whether he believed that to be the case, or whether modern cyber defenses were proving robust when truly tested.
“I think it’s a combination of the two. I think people, in general, are becoming more aware as there is an increased risk of being attacked,” Egoroff said.
“From a government perspective, you know that they need to take certain measures and controls to protect against that but I think the nature of the war is that a lot of things that can be happening are not specifically advertised.
“I think many of these guys are attacking more government facilities or military facilities, so in essence, you’re not going to hear about those things.”
Early in the conflict, the Ukrainian government issued a statement warning civilians and soldiers about potential “deepfake” videos. Last week, a Ukrainian news website was attacked and used to post a deepfake video of Zelensky urging Ukrainians to “lay down their arms.”
Fortunately, it was a poor fake and, combined with an awareness campaign, it may not have fooled anyone. However, it’s an example of how cybersecurity threats have evolved in just the last few years.
One cybersecurity threat that remains unchanged is social engineering, especially via email. A report from Trend Micro published this week found that 75% of cyber attacks now start from email.
“I always tell all kinds of clients that I work with social engineering to be underestimated. You can put all the high-tech firewalls and controls to prevent data loss, but all it takes is email and someone constantly selects a link or clicks on a link that is opened and you’ve violated everything,” Egoroff explained.
“You’ll find that there are a lot of more sophisticated phishing and social techniques like in human-type threats to people that happen — someone calling and coming across a fake from a company.”