An article in Industry Week asks whether the war in Ukraine will increase the number of Russian cyberattacks on American companies.
The answer is yes.
The article quotes cybersecurity expert Adam Levin: “We have seen an increase in phishing attacks originating from Russia that are directed at specific targets. Avanan, an email cybersecurity firm, reported an 800% increase since February 27. That’s almost certainly causal rather than correlative.”
Of course, the attacks might not be coming from Russia. China and North Korea are other possibilities.
Another expert, Ryan Cloutier, president of risk assessment firm SecurityStudio, says, “Attribution is the hardest part of cybersecurity. While we can take very secure guesses about who is carrying out an attack based on their sophistication and specific characteristics about the attack, it is usually very hard to provide definitive evidence to tie an attack to a specific country.”
On the other hand, when you have been hit by a cyberattack, why does it matter what country it comes from?
Cloutier cites some sectors that have been subject to attack, including defense, manufacturing, technology, state and local governments, and education.
The produce industry isn’t mentioned, but it would be a mistake to entrust your cybersecurity to the possibility that you are too small or obscure to notice. Blue Book has run guest columns from cybersecurity companies that serve the produce industry.
“There’s an irony to CISA alerts; companies that already have established cybersecurity policies will most likely respond accordingly and adjust their preparedness as needed,” says Levin. (“CISA” refers to the U.S. Cybersecurity and Infrastructure Security Agency.)
“Companies that are limited by budget, staff or that haven’t prioritized cybersecurity will not,” Levin adds.
The situation suggests that, Ukraine war or not, cyberattacks will, like the coronavirus, be part of the world we know from now on.
How can you adapt?
Personally, this is what I would do if I were the head of a comparatively small company (e.g., any one that doesn’t have the money to hire a full-time cybersecurity specialist):
1. Educate staff on the most obvious examples of cyberattack and how to spot them.
2. Find a reputable consultant who understands the issue from the point of view of your particular sector (not only what industry you are in, but how big you are).
3. Learn how much time and money it will take to protect yourself from at least the most likely cybersecurity risks.
4. Take the appropriate measures.
5. At the very least, have a conversation with your own IT people and see what they advise and what they need to learn.
Of course, this is news that nobody wants to hear right now. With escalating costs of labor, transportation, and practically everything else, adding another line item to your expenses is likely to make your stomach drop.
You might not even be able to afford any cybersecurity measures at present. But if you have a clear idea of their costs and the counterweighing risks, you may find it possible to fit some protection into your budget in the short or medium term.
