I just finished up another large conference call with over 4000+ people from IT Services Providers around the country. Everyone is worried about what additional risks the war in Ukraine and the West’s responses against Russia poses to small business in the US.
First the good news: currently it is not posing any new risks. According to threat monitoring organizations, most cyber activity is focused on Ukraine and activity against US targets is at normal levels.
Next, what should you do: The broad consensus is that whether it is a nation state, cyber crime ring, or hacktivists, the same tactics are used to attack the same vulnerabilities as always. So the #1 thing to do is make sure your business is implementing good cyber hygiene. If you are a Complete Care customer, we are doing that for you. If you are not, then it is likely there is more to be done to improve your business’ cyber hygiene.
When it comes to speed, you don’t have to be the fastest person in the woods. You only need to be faster than the slowest person in your group: Because that’s the person you’ll have to outrun if you surprise a hungry bear.
Now the bad news: This could change at any time if the political situation changes. However, most experts on the call agreed that it is unlikely a full cyber war would break out between the US and Russia for two important reasons:
- Most nation-state cyber infiltration is about gathering information. If you attack your foe, you expose your presence, and lose the ability to gather information. And while cyber-war is scary, world war III is much more so. Hence, gathering information is more important than creating cyber damage (for nation states).
- Both the US and Russia would retaliate if cyber-attacked and could do comparable damage to infrastructure. Hence the principal of mutually assured destruction makes this an unlikely path for a country to choose.
What could happen?: The big worries of the super-experts focused on disruption. The biggest disruptions that worried them were the Internet and ports. We see a lot of news about electric grids etc., but the experts were much less worred about this because the impacts would be short-lived and limited.
So in conclusion, what you as a small business can control is your investments in and focus on cyber hygiene. Focus your attention there.
It may also be worth thinking through how your business would operate if there were a significant and persistent, country-wide disruption to internet services. If your business cannot operation without the internet, you should think about this carefully – I know we will this week.
About Steve Kennen
As an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for small businesses, Steve spearheads initiatives that keep his clients secure and their business operations running smoothly. His core message is that the details matter.