Russia is the advanced persistent threat that just triggered. Ready?

Data security looks very different when your life depends on it


Opinion Stress-testing security is the only way to be sure it works. Until then, the worst security looks much the same as the best. As events in Ukraine show, leaving the stress-testing of assumptions until a threat is actually attacking is expensively useless.

Yet if an untested solution is no solution at all, the problem becomes how you define an adequate test. In security, that means how far do your responsibilities go? 

We may be about to find out together. As of the time of writing, the horrific aggression against Ukraine hadn't spilled out as cyberattacks beyond the territory.

It would be folly to bet on that continuing, especially as sanctions start to hurt and isolation freezes around Russia: commercial interests, personal data, and national infrastructures around the world will all be legitimate targets. 

That much is clear from the newly decloaked Putin. By way of justifying the invasion, he made a speech saying that Ukraine is not a country, that the West is an evil empire, and that Russia's security concerns are paramount. This thinking gives him licence to pursue attacks on anyone and anything online.

A man prepared to commit two-thirds of his armed forces to invade a democratic neighbour in the face of universal revulsion is not going to have qualms about lashing out at anything within reach on the internet.

What defence is available? Red-team testing your cyber resilience is one thing. Dealing with the successor to the Red Army is quite another. There has been no shortage of attacks on Ukrainian IT over the past few weeks, with new and nasty malware and DDoS ramping up. Any more widespread aggression will follow the same model. On that assumption, the Western intelligence agencies have started warning that the attacks are likely to extend worldwide.

Take the Canadian government's Centre for Cyber Security, which issued a post-invasion update for national infrastructure operators that is typical of the coordinated advice coming from intelligence agencies: Be prepared to isolate mission-critical systems from networks. Patch. Monitor. Make sure all staff are focused on detecting threats. And monitor alerts from CISA.

Expect a lot more of that sort of advice over the days to come, including much aimed at all sectors of business and private citizens. It will seem tiresomely familiar to security professionals, but that doesn't make it wrong, especially in the face of a new aggressor with nation-state capabilities and not much to lose. Complacency is not in fashion. 

If that's not enough to shake up your thinking, put yourself in the shoes of Ukrainian data techs and security ops. Beyond the unthinkable realities of surviving war, they have the extra responsibility of safeguarding systems and information so that they can't be used by the invader. Dictators love data: it gives them control over economies and people. That's a reasonable concern if you're looking at a future where you and those around you have ceased being citizens and become suspects.

Unthinkable, yes, except it's happening in a modern European democracy right now. While it's still unlikely that data centres in Swindon or San Francisco are going to be staffed by Spetsnaz any time soon, if the data is safe from physical compromise then it's doubly so from virtual. There are some laws even the lawless can't ignore – those of the mathematics behind encryption – and they'll protect your data in flight and at rest, if you let them. Key management. Audited policies. You know the drill. 

There should be posters on office walls: Best Practice Saves Lives. If you're not behaving as if your livelihood, even your life, depends on this, you're not stressing enough.

As to where responsibilities end, that's trickier. History, that academically sanctified hindsight, will decide on the details, but Putin's Ukrainian adventure will be seen as a failure of politics to protect security. This is decades of small decisions, each of which felt wrong to many but none of which was big enough to provoke a corrective reaction.

We can do better in that part of security entrusted to technology because for many that's the daily job. Not only can we de-hype the rhetoric and test it against reality, we have to. 

Time and again, politicians attack data security that works, such as strong encryption, but even when, as most recently, that's wrapped up in distraction – such as age verification to protect minors – the alarm bells ring. That's an important part of security professionalism: to raise your voice when something is wrong, no matter what the arena.

It doesn't take a Ukraine for those who understand data security to make the connection between deliberately weakening safety and increasing danger for individuals and organisations. Yet the bitter reality of Europe at war should drive the point home: we cannot afford to abandon any protection, or to take any assumption for granted. The stress test will come whether we like it or not, and our responsibility to be as prepared as possible is absolute. ®


Biting the hand that feeds IT © 1998–2022