Hybrid warfare redefined beyond borders
Geopolitical tensions in Ukraine are running high. The landscape of conflict today not only features active combatants but also places companies in critical infrastructure sectors such as energy, supply chain, healthcare, transportation, and banking in digital crosshairs.
As a high-intensity conflict draws closer and the situation becomes increasingly hostile among adversaries, companies should be on high alert for a wave of cyberattacks. At Constella Intelligence, we have been anticipating and preparing for an influx of cyber threat actors to target the public and private sectors across the globe. Based on historical threats related to this specific geopolitical conflict and geopolitical or social crises in general, is an expectation that there will be cyberattacks against private sector companies and critical infrastructure providers outside Ukraine. Just yesterday, a series of cyberattacks took the websites of the Ukrainian army, the defense ministry and major banks offline.
In recent years, state actors have become increasingly bold in tapping into cyber threat actors to conduct attacks with the goal of disrupting an enemy and damaging their economy. For example, we have seen the use of groups such as the Armageddon group linked to FSB to perform cyberattacks. This has resulted in a combination of cyberwar tactics, strategically used alongside more traditional kinetic warfare to achieve a multiplicity of ends, hence the description “hybrid warfare”.
In a recent piece, Daniel Lohrmann, an internationally recognized cybersecurity leader and technologist, noted that “many experts think that we may be in a global holding pattern until after the Winter Olympics in China. But it is clear that public- and private-sector organizations need to be on alert and ready should more global cyber attacks be launched (in whatever capacity) as a part of the situation in Ukraine at any time.”
Increasing warnings must not be taken lightly and should resonate with organizations worldwide—just look at the increase of breaches and ransomware attacks throughout the COVID-19 pandemic.
How Constella Can Help: Protecting your executives and employees at scale. All of them.
In an analysis of executive exposures across major sectors, including finserv, energy and pharma, a series of recent research reports by digital risk protection firm Constella illustrates just how much sensitive personal data of company executives in the top 20 Fortune Global 500 companies are in circulation. The research identified nearly 10 million exposed records related to corporate credentials, with 59% of executives’ credentials exposed in a breach in the last three years. This paints an alarming profile of vulnerabilities and high-risk attack vectors for threat actors to capitalize on.
Constella urges all organizations to comprehensively assess their cyber risk profiles and cybersecurity preparedness strategies to best understand the nature of the vulnerabilities that may impact their key individuals—including executives, employees, and other key stakeholders—third parties and supply chains, and digital and physical infrastructure. Given this, Constella recommends that organizations take proactive steps to safeguard their company and its assets from a digital attack.
You can begin doing this by asking the following three questions:
1. Are all your employees and executives educated and aware of the likely vectors of attack and entry points for cyberattacks against private organizations that may result as an outcome of geopolitical unrest?
2. Does your organization understand its current vulnerabilities and digital risk profile, including the exposed data related to all your employees, executives, and partners that can be weaponized to inflict financial or reputational harm on your organization?
3. Does your organization monitor, detect and respond, in real-time, 24×7, to any sensitive exposures related to your employees or executives?
Constella Dome is key to protecting executives, employees or VIPs —including public authorities and executives in private companies, specifically those linked to critical infrastructure such as energy, financial services, telecommunications, or pharma —which are consistent, high-value targets in hybrid cyberwar operations.
Let us help you stay one step ahead.