When the going gets tough, good planning pays off. Time pressure, fear, and adrenaline, on the other hand, form a triumvirate that is the cornerstone of decisions many companies will come to regret. And many of these foundations were laid with Ukraine and cyber war.
“Keep calm and carry on” – this poster hangs above my desk in the office on the G Data campus. Placed by the British Ministry of Information during World War II, this poster, which has since become a global icon, was intended to motivate the British in their darkest hour. Even today, 77 years after the end of the war, the core message has lost none of its topicality. Once again, a war is raging in Europe that is terrifying millions of people. Among them are people who are not directly threatened by hostilities and did not have to flee their homes. However, the waves of the conflict can be felt worldwide, in the economy, and as cyber war.
Cyberwar: Wave Of Targeted Attacks On Ukraine
In the first weeks of the war, there was great excitement everywhere because of the attacks on Ukraine. The question was asked many times whether an open cyber war was looming and what could be done in the face of this threat. These concerns are not entirely unjustified, given that the invasion was preceded by a wave of targeted attacks on Ukrainian authorities, banks, and media houses. These attacks aimed to create uncertainty among the population. Both sides are trying to recruit cyber guerrillas, contributing to the uncertainty.
Nobody doubts anymore that attacks on critical infrastructures can have devastating effects. And so, numerous journalists never tired of writing new horror scenarios and fueling the general panic and uncertainty. After all, horror stories always sell well. However, with a few exceptions, the “global open cyberwar” primarily occurs in newspaper articles, comment columns, and presentations by eager salespeople. But enough of the media criticism – let’s look at the actual situation.
Late Insight Into How Dangerous Cyber Attacks Are
Companies were startled, and IT security suddenly became the number one topic. It is not only employees in IT departments who are wondering how a company can protect itself from an attack from the Internet and how it can avoid becoming collateral damage of the conflict. The IT security industry has also taken notice. Much like the Corona crisis, the Ukraine conflict is set to become a catalyst for many security-related projects that have always been put off until now. The cynic in me, however, wonders, “Why now? What is different today than six months ago?”
Sure, there’s the war in Ukraine. The fear of attacks from the Internet and cyber war. The fear that your own business could be damaged. But that was already the case half a year ago. So why the rush all of a sudden? Do companies perhaps have the feeling that they have overslept? Viewed soberly, the initial commotion is primarily one thing: a bunch of adrenaline-fueled, panicked headless chickens running around aimlessly doing something. Much of what had previously been taken for granted has been called into question by the night’s events. That’s scary. That is understandable. But does that change anything about the initial situation and the threat scenarios?
Ensure Data Availability And Integrity
Companies have always tried to protect themselves from damage. For IT managers, the availability, integrity, and confidentiality of data in the company network are top priorities. You want to minimise damage as much as possible and remain able to act in an emergency. What has changed since the beginning of the war? Right: nothing.
A BSI warning about some security products caused companies to act quickly: the security products were uninstalled within hours, followed by frantic calls to other providers. Variations of this sentence came up repeatedly in some of these phone calls: “We’ve been on the phone for ten minutes now – when can I expect your offer?”
What’s happening? Businesses are removing the components that protect their most critical systems without having a replacement. Does this make sense? No. The BSI has also spoken out in favour of replacing security solutions instead of switching them off. But this warning was ignored by numerous companies.
Cyberwar: Businesses Seek Control
Again the question of “why” arises. One possible explanation is that, in a position of powerlessness, being able to be active and do something gives you at least a sense of control. This mechanism thrives especially in small businesses and some medium-sized companies, and its effects may not yet be apparent. Because despite all legitimate concerns about the situation in the world: the rest of this world is not standing still, and that is especially true for cybercriminals and cyberwar.
Once again: in some cases, companies went for days without adequate malware protection because a replacement wasn’t available yet. Six months ago, no one would have even dreamed of this idea. The reaction would probably have been less than diplomatic if someone had seriously made such a suggestion.
Adrenaline, excitement, and self-imposed time pressure are poison for rational decisions. But rational decisions are precisely what is needed in an emergency. So what to do? Here we can all learn from the experiences of the aerospace industry. There, clever minds plan for all possible scenarios. And these are tested again and again. No pilot or astronaut enters a simulation expecting everything to go according to plan. They don’t practice for the 20,000 hours in which everything goes right, but for the two minutes in which everything goes wrong.
The result: in a situation where an average person’s hair would stand on end and paralysing panic would set in, the professionals react completely calmly on the outside and seem almost bored to outsiders. They have trained countless times for every scenario and every possible emergency and know what happens. They have trained themselves away from fear. They work calmly, but with maximum concentration and the necessary routine to solve the problem.
Old Wine In New Bottles
It is precisely this calm that management and IT managers are missing. As tragic and terrible as the events are, the fact is that the Ukraine crisis has not changed anything regarding the initial situation and the requirements for IT security. The advice that was valid before the invasion of Ukraine remains valid. Network separations, such as between IT and OT, are still a good idea. A sensible logging strategy has been a valuable tool since the beginning of the war.
Proper rights management within the network was an important topic 20 years ago. And drafting an emergency plan, as well as testing and constantly developing it, should be considered good manners in every company that uses IT. Bringing in external security service providers and using SIEM systems or external SOCs did not suddenly become important and valuable components of a security strategy overnight. The threat scenarios have not changed. Should we show heightened vigilance? Yes, definitely. But panic-driven hasty actions don’t get anyone anywhere.