
It’s apparent that there is a cybercrime epidemic, but has the situation unfolding in Russia and Ukraine just aggravated it to the point of a global cyberwar?

There is no question that the Russian Federation has invested a lot of resources into finding weaknesses in other countries’ infrastructure. With alarming events unfolding in Eastern Europe and a history of state-sponsored cyberattacks, should a business owner in the UK be concerned?

Stuxnet, the world’s first cyber-kinetic weapon and the father of cyber weapons, was discovered in 2010 and was allegedly developed collaboratively by the US and Israel to cripple the Iranian and North Korean nuclear weapons program. The attack marked a turning point in the history of military technology and cyber security. The weapon's developers hoped to create a weapon that could destroy strategic targets while minimizing the impact on the average person.

However, we live in a ‘flat world’ due to the interconnectivity of the world wide web, and despite the attempt to perform a specifically targeted attack, there was splashback: Stuxnet ended up infecting a colossal number of computers across multiple countries, causing catastrophic loss and damage to businesses of all sizes.

The reality is that performing a successful cyberattack has never been easier or more alluring. As the technical proficiency and sophistication of cybercriminals increases, and with cybercrime-as-a-service being a lucrative business model (with excellent rates of pay), a career in cybercrime has never been so attractive. Hence the growth in the industry.

Many cybercriminals gain access to your network by exploiting vulnerabilities, such as an inactive email address from someone who left the company months or even years ago.

Hackers lie dormant in your system for months, learning all about how your business operates. For small businesses, that can be fairly straightforward. Hackers will learn your language, the way you communicate through emails, and the way you do business; they are just lying there like snipers waiting for their chance to strike.

And when they do, what do you do, and what can we do to protect our companies?

Right now there is a high possibility of businesses being harmed by the splashback of a state-sponsored attack. The latest news suggests that the UK is at risk from the Cyclops Blink malware that has been unleashed in Ukraine. This is sophisticated malware that targets firewalls. Global cyber warfare may no longer be a hypothesis if that were to hit our critical infrastructure, such as our banking, energy and communications infrastructure.

In the event of a traditional cyberattack, you would immediately refer to your Disaster Recovery Business Continuity Plan. The first step will most likely be to contact your cyber security insurance provider, who may suggest you pay the ransom to get you back up and going. If you’re part of an organisation that takes cyber security seriously, then your management team will have already agreed on their appetite to pay ransoms and may even have a Bitcoin account available for the transaction, as setting one up can often slow down the process. However, Cyclops Blink could be classified as a state-sponsored attack, and we may discover that paying a ransom to those who benefit financially from terrorism is illegal, rendering us impotent.

To strengthen your cyber resilience, the aim is to have a process in place that will allow the business to keep going in the event of a successful cyberattack.

1. Invest in cyber security insurance. It is critical: your insurance provider will be the first people you call if something goes wrong; they are experts and will advise you on what to do next.

2. Get your leadership team together and develop a Disaster Recovery Business Continuity Plan; this plan will guide you and everyone else in the company so you don't waste time running around like headless chickens.

3. Contact your internal or external IT team; getting everyone on board as soon as possible will help minimize the damage to your business.

4. Culture; after Piper Alpha, the oil and gas industry has become expert in creating a safety culture on and offshore, so successful that no matter where you sit in the organisational structure, no employee is fearful of telling their CEO to hold a handrail or put a lid on their coffee cup. We need to have the same impact on cyber security culture.

If ever there was a time to start having an internal conversation about cyber security and the impact on your business, it’s now. If we share the responsibility of cyber security across all business owners, leaders, and influencers we have a much higher chance of increasing the UK’s overall cyber security resilience.

Jennifer Taylor is Business Development Manager at Nimbus Blue.

