Organizations Urged to Immediately Strengthen Cybersecurity Defences Against Potential Russian-Backed Cyber Attacks

Sunny Handa, John Lenz
Blake, Cassels & Graydon LLP
Contact
LinkedIn
Facebook
X
Send
Embed

On February 24, 2022, Russian forces initiated a series of deadly attacks on Ukrainian cities, resulting in an ongoing military conflict. Preceding these physical attacks were a number of cybersecurity attacks directed at Ukrainian organizations and infrastructure, which have occupied a growing role in the Russian military playbook both in Ukraine and in other countries. Western governments have imposed a suite of economic sanctions against Russia as a result of the physical attack on Ukraine.

On March 21, 2022, U.S. President Joe Biden warned that Russian-backed hacking groups could attempt to retaliate against these western sanctions by undertaking a campaign of cybersecurity attacks against western organizations. “One of the tools [Putin is] most likely to use … is cyber attacks,” noted President Biden. Citing U.S. intelligence leads, the President cautioned that the “magnitude of Russia’s cyber capacity is fairly consequential and it’s coming,” and urged organizations to “harden your cybersecurity defences immediately.”

All organizations should take immediate proactive measures to review their cyber preparedness with a view to identifying information security weaknesses and hardening their defences. Depending on the IT environment of the organization, these steps may include reviewing and updating privacy, password, patching and other policies, reviewing customer and supplier agreements for requirements related to information security, and preparing a data map to understand what types of data are stored by the organization and where (i.e., on what systems). While no protective measures will prevent 100 per cent of cyber attacks, often a little attention can go a long way towards mitigating damage to one's business.

In addition to hardening one's own defences, organizations should also pay attention to the information security and cybersecurity posture of the organizations in its supply chain, as attacks can rapidly propagate from one organization's environment to another. In other words, an attack may  spread from a trusted partner that was  the initial target of the attack. In many cases, the initial point of entry of malware comes in the form of an email from a trusted source.

Information and cybersecurity risks are not simply a concern for an organization’s IT department; they are part of an organization’s overall risk strategy, and should be evaluated and managed by its leadership team and not solely by its IT department.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Blake, Cassels & Graydon LLP | Attorney Advertising

Written by:

Blake, Cassels & Graydon LLP
Blake, Cassels & Graydon LLP
Contact
more
less

Blake, Cassels & Graydon LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide