Cloud Tech caught up with Andrew Egoroff, Senior Cybersecurity Specialist at ProcessUnity, to discuss the increased threat around the Russia-Ukraine crisis and how to mitigate risks from third parties.
A business can implement excellent internal cybersecurity measures, but a slip-up from a third-party vendor can have devastating consequences. ProcessUnity specialises in helping businesses determine what vendors carry the lowest risk.
“We try and evangelise the philosophy of assessing your third parties with the same controls you’re using for your internal network,” explains Egoroff. “If you consider third parties to be an entry point into your network, then it’s very key that you have those sort of controls.”
Most vendors will have done some previous assessment of their cybersecurity against an industry framework. If they haven’t, it might be time to consider a different vendor.
Egoroff has some additional tips to lower a specific vendor’s risk to your organisation.
“Understanding what data is in your internal network and what the external third party has access to defines the controls required,” says Egoroff.
“For example, if you’ve got credit card data and your third party is accessing that data for whatever reason—that starts defining the scope of not only your infrastructure but also the controls that need to be applied around that set of data for that third party.”
Zero-trust models are being increasingly evangelised. The idea behind zero-trust is that implicit trust is eliminated and only the bare minimum access to perform certain tasks is assigned.
Egoroff believes more organisations should adopt a zero-trust model and notes how the Russia-Ukraine war highlights the need to do so.
“There was a bug bounty released by organisations on the Russian or Ukraine side asking for people to find vulnerabilities against infrastructure, public services, that sort of stuff,” says Egoroff.
“The term that I heard was that now is the first time in history that everybody can participate in a war. It’s really enhancing or furthering that importance of making sure there’s zero trust.”
The heightened risk around the conflict drives home the need for robust cybersecurity measures.
“It’s not just a simple case of doing an assessment or running a vulnerability scan and achieving a baseline—it’s that constant checking to ensure that your infrastructure your assets have been patched, the appropriate controls are put in place, and any access to that data is constantly being checked,” explains Egoroff.
“You need a platform like ProcessUnity that allows you to interface with a lot of technologies out there and have everything in a single pane of glass to facilitate and make more efficient those processes to make sure you’re getting constant checks against all those various data points.”
Hackers on both sides of the conflict are getting involved—from independent to state-linked actors, individuals to larger collectives like Anonymous.
Western firms can be targets for voicing their opinion, offering assistance, suspending their operations, or simply due to their government’s support of one side. Egoroff believes the conflict has increased the global cybersecurity risk.
“It’s so easy now nowadays for anyone to either become a participant or a victim in this process,” says Egoroff.
Egoroff believes some comfort should be taken in the fact there’s now greater cybersecurity awareness from businesses and individuals.
“Everybody’s using MFA (Multi-Factor Authentication) for example, because a lot of these actors are out there using the existing traditional ways of getting into places like social engineering and phishing.”
However, Egoroff notes there’s been a huge increase in attacks against both the Russian and Ukraine side and that will inevitably bleed over into attacking Western companies and individuals.
NATO has been strategically ambiguous about what kind of cyberattack would trigger a collective response under Article 5, but the danger is certainly there. Much like all it could take to seriously escalate the conflict is one stray missile into NATO territory, all it could take is a cyberattack that spills over.
“If you take an example of the Russians accidentally, or on purpose, knocking out public services or power for a NATO-aligned country … if you consider the fact that cyber warfare can have detrimental effects – quite real tangible effects – then there’s no reason why it couldn’t escalate into a military response,” comments Egoroff.
Many security analysts predicted that a conflict with a powerful cyber actor like Russia would see it launch a major cyber offensive within hours, let alone days or weeks. We’ve seen many quite rudimentary DDoS attacks taking government websites and things offline, but not really the kind of attacks on critical infrastructure that many expected.
One potential explanation for the lack of such a major cyber offensive is the risk of spillover prompting a NATO response. We asked Egoroff if he believes that’s the case or whether modern cyber defenses are proving to be robust when quite literally battle-tested.
“I think it’s a combination of both. I think people generally are becoming more aware when there’s a heightened risk of attacks,” says Egoroff.
“From a government perspective, you know there’s certain controls and measures they need to put in place to protect against that but I think the nature of war is that a lot of these things that may be happening aren’t being particularly advertised.
“I think a lot of these actors on either side are attacking more government facilities or military facilities so by its very nature you’re not going to hear about that stuff anyway.”
Quite early on in the conflict, the Ukrainian government put out a statement warning civilians and soldiers about potential ‘deepfake’ videos. In the past week, a Ukrainian news website was hacked to post a deepfake video of President Zelenskyy calling on Ukrainians to “lay down arms”.
Fortunately, it was a poor deepfake and combined with the awareness campaign it probably didn’t fool anyone. However, it’s an example of how cybersecurity threats have evolved in the past few years alone.
One cybersecurity threat that remains the same is social engineering, especially over email. A report from Trend Micro released this week found that 75 percent of cyberattacks now start from email.
“I’ve always said to all the sort of clients I work with that social engineering is hugely underestimated. You can put all the high tech firewalls and data loss prevention controls in place, but all it takes is an email and someone to intermittently pick a link or click a link opened up and you’ve compromised everything,” explains Egoroff.
“You’ll find that there’s a lot more sophisticated phishing and social engineering as in person-to-person type threats that happen—someone ringing up and coming across as a fake person from a company.”