When cyber and geopolitical conflict converge, business risk inevitably escalates

23 March, 2022

The 2022 CEO Survey was notable for the optimism among business leaders in Ireland. However, they were also very clear about the threats to revenue growth in the year ahead.

Cyber risk was the dominant threat (58%), followed by climate change (46%) and health risks (40%). Of course, much has changed since the survey was conducted late last year. The war in Ukraine has thrust geopolitical issues into the spotlight and inflation has emerged as a fundamental challenge for all businesses.

But not all risks are independent. Unfortunately, cyber risk and geopolitical conflict, taken together, pose a significant and immediate threat.

The risk environment for business has escalated following Russia’s invasion of Ukraine. With that in mind, business leaders need to ask both their leadership team and their board: are we ready to mitigate the escalating cyber risks born of geopolitical tensions?

Get to know your CISO

While prevention is preferable when it comes to cyber risk, the ability to respond and recover is equally important. We therefore recommend that boards urgently review their organisation’s cyber resilience, so that any weaknesses are identified and remedied.

A key collaborator in this process is your organisation’s Chief Information Security Officer (CISO). A simple table-top exercise with the CISO will help the board better understand the challenges, and how the organisation’s cybersecurity team is protecting against them. It will also give the board the confidence to act where weaknesses or deficiencies are identified.

Frame the conversation

During this table-top exercise, the leadership team and board members should explore the following:

  • How exposed are our systems, people and assets in countries that are targets of attacks? How closely are we monitoring the connections into and out of those countries in our corporate systems?
  • What’s the plan if we decide that we need to disconnect our systems? How quickly can we do it without harming our operations and our people?
  • Do we have an incident response playbook? Have we done exercises to test it? When was the last time we tested our incident response plan? Have we discussed actions if hostilities begin? What are those actions?
  • How sophisticated are our threat detection capabilities? Can we detect intrusions in real-time? How well do we monitor the crossover from our IT systems to the technology that runs our operations?
  • Do we have strong relationships with national and/or local government agencies focused on cybersecurity? Have we contacted them regarding additional intelligence? How involved are we in industry or private sector groups that share information with the government? How do we distinguish between accurate information and the disinformation and leaks that nation state actors often deploy?
  • How well do our employees help protect the organisation against theft of account names and passwords via phishing and social engineering? When did we last scan our systems to detect unauthorised (even if dormant) access?
  • How good are our foundational cybersecurity capabilities? What is the state of our organisation’s cyber hygiene?
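
The first and sixth questions above (connections into and out of targeted countries, and dormant but still-enabled access) are the two a security team can start answering from logs it already holds. The following is an added example, not PwC's tooling or code from this article: the key=value log format, the hosts, users and IP addresses, the watch-listed country codes and the 90-day dormancy threshold are all assumptions, and the sample logs are constructed. It assumes an upstream collector has already resolved each endpoint to a country code.

```python
"""Two log-driven checks for the board questions on cross-border connections and
dormant access. Added example with constructed data; not PwC's tooling."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: ISO country codes the board has asked to watch, set by policy.
WATCH_COUNTRIES = {"UA", "RU", "BY"}
DORMANT_DAYS = 90
# Fixed "now" so the example is reproducible offline (assumption).
AS_OF = datetime(2022, 3, 22, tzinfo=timezone.utc)

# Constructed connection log. 10.x is internal; 192.0.2.x and 198.51.100.x are
# RFC 5737 documentation ranges standing in for external hosts.
CONNECTION_LOG = """\
2022-03-21T08:02:11Z src=10.20.1.5 src_country=IE dst=192.0.2.14 dst_country=UA bytes=482000
2022-03-21T08:05:42Z src=10.20.1.9 src_country=IE dst=198.51.100.7 dst_country=US bytes=12000
2022-03-21T09:11:03Z src=192.0.2.77 src_country=RU dst=10.20.3.2 dst_country=IE bytes=3900
2022-03-21T09:40:19Z src=10.20.1.5 src_country=IE dst=192.0.2.14 dst_country=UA bytes=910000
2022-03-21T10:00:00Z src=10.20.2.4 src_country=IE dst=198.51.100.9 dst_country=DE bytes=52000
"""

# Constructed authentication log (successful logins only matter here) and a
# constructed directory extract of which accounts are still enabled.
AUTH_LOG = """\
2021-10-05T09:30:00Z user=svc-legacy result=success
2021-11-02T07:15:00Z user=svc-backup result=success
2022-02-28T12:00:00Z user=bob result=success
2022-03-20T17:45:10Z user=alice result=success
2022-03-21T03:12:44Z user=svc-legacy result=success
"""
DIRECTORY = {"alice": True, "bob": True, "svc-backup": True, "svc-legacy": True, "carol": True}


def parse_kv_log(text):
    """Parse 'timestamp key=value ...' lines into dicts with a tz-aware 'ts'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append(rec)
    return records


def watchlist_connections(records, watch=WATCH_COUNTRIES):
    """Connections with either endpoint in a watched country: (ts, direction, country, host, bytes)."""
    hits = []
    for r in records:
        if r["src_country"] in watch:
            hits.append((r["ts"], "inbound", r["src_country"], r["src"], int(r["bytes"])))
        elif r["dst_country"] in watch:
            hits.append((r["ts"], "outbound", r["dst_country"], r["dst"], int(r["bytes"])))
    return hits


def bytes_by_country(records, watch=WATCH_COUNTRIES):
    """Volume per (country, direction); compare against a pre-conflict baseline to spot change."""
    totals = defaultdict(int)
    for _ts, direction, country, _host, nbytes in watchlist_connections(records, watch):
        totals[(country, direction)] += nbytes
    return dict(totals)


def dormant_accounts(auth_records, directory, now=AS_OF, dormant_days=DORMANT_DAYS):
    """Enabled accounts that are unused, dormant, or recently reactivated after a long gap."""
    threshold = timedelta(days=dormant_days)
    logins = defaultdict(list)
    for r in auth_records:
        if r["result"] == "success":
            logins[r["user"]].append(r["ts"])
    findings = {}
    for user, enabled in directory.items():
        if not enabled:
            continue
        times = sorted(logins.get(user, []))
        if not times:
            findings[user] = "never used"
        elif now - times[-1] > threshold:
            findings[user] = "dormant"
        elif len(times) > 1 and times[-1] - times[-2] > threshold:
            # Quiet account suddenly active again: worth a human look before assuming it is fine.
            findings[user] = "reactivated after dormancy"
    return findings


if __name__ == "__main__":
    conns = parse_kv_log(CONNECTION_LOG)
    for hit in watchlist_connections(conns):
        print("watchlist:", *hit)
    print("volume:", bytes_by_country(conns))
    print("accounts:", dormant_accounts(parse_kv_log(AUTH_LOG), DIRECTORY))
```

The "reactivated after dormancy" case is the one the bullet's parenthetical is about: an account that was provisioned long ago, sat idle, and has just been used again is exactly the kind of dormant access an attacker with old credentials would exploit, and a plain "last login within 90 days" report would pass it.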

Start the discussion today

Business leaders must anticipate a much riskier cyber environment given today’s extreme geopolitical stresses, and plan accordingly.

Cybersecurity is not governed by global norms, and the volatile landscape businesses must now navigate will challenge what few self-imposed guardrails exist.

As a result, CEOs and boards will be forced to consider more consequential questions. Should we disconnect and isolate the systems in certain territories? Can we continue to tolerate the risks, or accept a reduction in functionality or capability in certain territories? Should we accelerate key mitigating measures that will require a re-prioritisation of resources? The key, however, is to ask these questions sooner rather than later.

The eight key actions businesses can take now

While an organisation’s CISO will play a critical role in mitigating cyber threats, the entire business has a role to play. To provide the best protection, PwC recommends that organisations do the following:

  1. Understand critical business processes and information assets
    Understand which processes and information assets, if impacted by a cyber attack, will have the biggest impact on your business from a customer, operational, regulatory and financial perspective.
  2. Consider your broader ecosystem
    Don’t just focus on the resilience of your organisation. Consider the network of third parties that enable you to operate effectively. How do you work together to adapt and change to rapidly evolving cyber risks?
  3. Assess and mitigate cyber risks
    Understand risk by creating realistic threat scenarios that leverage past events, near misses and industry views. Assess the impact of each scenario to your ecosystem and capture mitigating activities, while also defining the risk appetite of the organisation.
  4. Factor cyber resilience into product and service designs
    Protect your organisation from cyber attacks by building security into the design of technological changes. This could include using multiple layers of protection (defence in depth), zero trust assumptions and fail-safe modes. The adoption of cloud-based solutions may also be considered to help bolster cyber resilience.
  5. Build and maintain effective monitoring, detection and protection controls
    Look for, find and address abnormal activity across your IT estate using an advanced defence and detection capability.
  6. Design and rehearse robust frameworks, plans and playbooks to respond to and recover from a cyber attack
    Organisations have tested and improved their plans to respond to and recover from a pandemic; these plans must also be revisited and rehearsed for cyber security scenarios, so that the organisation can return to business-as-usual operations as quickly as possible.
  7. Build cross-industry support
    Proactively build relationships with similar organisations through government and industry bodies to build cyber resilience at a sector level, as well as within your organisation.
  8. Build cyber security awareness and foster a security culture
    Use a range of communication channels to improve cyber security awareness among employees and third parties. This should explain their role in keeping themselves and the organisation secure.

We are here to help you

As the war in Ukraine continues, CEOs and their boards must reflect on their organisation’s cyber strategy and investments. The cyber threat can, and likely will, increase further in the months ahead – and businesses must prepare accordingly.

Our dedicated team of cybercrime and IT forensic specialists is available to help you protect your organisation’s digital assets as you navigate the turbulence that lies ahead. Contact us today.

Contact us

Pat Moran

Partner, PwC Ireland (Republic of)

Tel: +353 87 754 1944

Leonard McAuliffe

Partner, PwC Ireland (Republic of)

Tel: +353 87 960 3463
