Cybersecurity is a corporate social responsibility, especially in times of war

We’re excited to bring back Transform 2022 in person on July 19 and virtually from July 20-28. Join leaders in AI and data for in-depth discussions and exciting networking opportunities. Register today!


Across cyberspace, all organizations are potentially part of the war. In an effort to prevent harmful cyberattacks, US President Biden recently signed legislation requiring critical infrastructure entities to report any cyberattacks within a specific timeframe, and the same goes for the EU, which has put in place similar legislation. However, organizations in other sectors are not immune and should prepare for similar threats. It is no longer a question of if a company will be targeted but when.

Critical infrastructure or not. Intentionally or not. Voluntarily or not. State-run cybercriminals, state-sponsored hackers and cyber groups, publicly announcing their support for Russia, are already preparing to deploy cyberattacks to wreak havoc and disrupt vital services, government functions and the communication with the public.

Organizations have a corporate social responsibility (CSR) to build strong cybersecurity defenses and prepare for a scenario in which Russia deploys cyberattacks on an unprecedented scale. There are many ways for an organization to become hostage to a global cyber war.

The threats

A preferred method of state-sponsored threat actors is the supply chain attack in which attackers target a trusted partner or third party to deploy their attacks. For example, Toyota recently had to shut down 14 factories and 28 production lines for an entire day due to a contractor attack.

In this threat landscape, organizations risk becoming the gateway for supply chain attacks against critical infrastructure organizations, such as power, financial services, or hospitals.

Another widely used vector is DDoS attacks aimed at disrupting services by overloading servers and infrastructure, as we have seen in both Ukraine and Russia. Attackers need so-called botnets to deploy these attacks and hijack insecure devices, such as IoT devices, to accumulate the traffic needed to cripple vital services.

Imagine Russian state-sponsored actors taking over your network and infiltrating key components of your product or service, unknowingly making you appear as the aggressor against your own business partners.

Ransomware attacks have been in the news for the past few years, with high-profile attacks on Colonial Pipeline, JBS, and Kesaya. CNA Financial reportedly paid $40 million to regain access to the files and restore their operations. The ransomware threat has proven to be widespread and destructive. And last week, the United States indicted Russian nationals who allegedly took part in sophisticated attacks on critical infrastructure.

View cybersecurity protection as 24/7 CSR

Several ransomware groups have declared allegiance to Russia. Falling victim to a ransomware attack by these groups could result in organizations permanently losing access to critical data or paying the ransom and potentially contributing financially to continued Hybrid Warfare.

The list of ways to neglect CSR through poor cybersecurity is long. And it is important to note that liability is not only relevant in times of war. Cybersecurity has always been a corporate social responsibility. But it has never been more obvious than now.

At all times, organizations without adequate cybersecurity assume significant risk on behalf of their customers, employees, partners, and environment due to the ever-present threat of supply chain attacks, data theft, ransomware, DDoS attacks with real human and societal impacts. impact.

The Colonial Pipeline ransomware attack, leaving Americans without gas for weeks; the supply chain attack on Kesaya forcing COOP to close supermarkets in Sweden; the cyber intrusion that allowed cybercriminals to alter levels of sodium hydroxide in Florida’s water supply to dangerous levels – all of the attacks happened because the guards were down.

Now is the time to act if you haven’t yet put cybersecurity at the top of your business agenda. It is crucial for companies to be able to put in place a strong cybersecurity posture capable of defending against known and unknown cyberthreats.

Initiate

During the cybersecurity labor shortage, it can be difficult to hire enough skilled employees. Companies can instead turn to AI and automated solutions or partner with a managed security service provider that provides 24/7 cybersecurity with sufficient capabilities to detect and respond to cyber threats.

Additionally, organizations need to stop thinking that cyberattacks won’t happen to them and stop assuming that securing only the outer perimeter protects them. It only takes one cybercriminal to successfully slip through the cracks one time and gain access to your IT environment and make your organization part of a larger cyberattack or jeopardize the operation of your business.

The current war has prompted Western organizations to pledge support for Ukraine, with many companies ending their engagements with Russia, in the form of sanctions, corporate responsibility standards or to manage their reputations. However, ignoring how cybersecurity acts as a form of CSR puts organizations, their customers, and their employees at risk of becoming tools to help Russia in its cyberwarfare, contradicting their initial good intentions to expose Russia.

Jesper Zerlang is CEO of Logpoint.

DataDecisionMakers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including data technicians, can share data insights and innovations.

If you want to learn more about cutting-edge insights and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.

You might even consider writing your own article!

Learn more about DataDecisionMakers

Leave a Comment