Cyber Risk - No Entity is Free. 

No business, industry or geography is free from cyber risk.

As geopolitical tensions continue to increase in Ukraine, we are in a realm of increased cyber risk at a global scale. No business or industry is free from risk and individuals and organisations alike need to be aware that cyber attacks will not just come from geopolitical threat actors, but criminals will take advantage of any event or distraction being felt globally and use it as an opportunity to execute their nefarious activities. They will catch any business, public or private, large or small off-guard. No entity is free from this ever-increasing risk. 

Governmental bodies across the globe are releasing alarming statements to warn and urge people to prepare for this incoming risk. Ireland is on “high alert for cyber attacks", stated Simon Coveney, Minister for Foreign Affairs and Minister for Defense. Cyber attacks across Europe have increased by 25% in the last three weeks as the war in Ukraine continues. Minister Coveney added that cyber attacks are a "constant threat" that "Ireland is a target" of and we must take this seriously. 

Similarly, President Joe Biden has stated that "the magnitude of Russia's cyber capacity is fairly consequential and it's coming" and the White House has warned that "evolving intelligence" has heightened the threat of incoming cyber attacks on businesses and urges business leaders to act immediately to protect themselves from the highly likely cyber attacks. 

In latest media news, it has been reported that the data of potentially hundreds of organisations has been viewed or acted upon in a cyber attack of the Okta software company. The Chief Security Officer of Okta, David Bradbury revealed that the cyber criminals accessed the computer of a customer-support engineer over a five-day period in mid-January. Bradbury explained that the attack was "analogous to walking away from your computer at a coffee shop, whereby a stranger has - virtually, in this case - sat down at your machine and is using the mouse and keyboard”. The Lapsus$ group claimed responsibility for this attack and stated online that they were “focused on (Okta’s) customers”. 

As in the Okta case, cyber threat actors can lie in a network for months on end without being detected, preparing to cause damage when the time is right. So as an individual or as a business leader, it is a good idea to operate with a cautious mindset and prepare yourself, your teams and your entire organisations’ networks and devices as if there is already a cyber criminal in your network or there is going to be one attempting to penetrate your security controls when you log off at 17:30. 

Be ready and be armed with education and sufficient security controls to keep your stakeholders safe. Sufficient protection begins with education, so act now and educate yourself, your team and your entire organization about the types of cyber risks that exist. Taking the time to put precautionary measures and security controls in place will be easier than dealing with the often severe after effects of a cyber attack.

To help you, we’ve composed a short list of steps you can take today:

Educate all employees on the importance of fundamental cyber hygiene practice. 

Deploy the use of multi-factor authentication on all systems and devices. 

Communicate with all employees to ensure that all systems are being patched and protected against known vulnerabilities. 

Send a business-wide communication asking all employees and any third party accessing your network to create unique and complex passwords on all devices that access your network;
- 10-12 letters, of which:
- 1-2 are CAPITAL letters
- 1-2 are numbers
- Include special characters also (!’#$%’)

Back your data up with offline backups, beyond the reach of cyber criminals. 

Encrypt your data so that it cannot be used if it's stolen.

Ella O’Neill is a Cyber Agent at ICTTF