Perhaps uncustomary to see such an alert from Russia warning its business sector of US cyber assault, but that is exactly what happened at the end of Jan-21.  The Russian National Coordination Center for Computer Incidents (NKTSKI), a sub-entity of the Russian Federal Security Service (FSB), issued a security bulletin warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.  The alert came shortly in the wake of the Biden administration comments on twitter <here>.  The alert mentions “In the face of constant accusations against the Russian Federation by representatives of the United States and their allies of [Russian] involvement in organizing computer attacks, as well as threats from their side [of] ‘retaliatory’ attacks on the Russian Federation’s critical information infrastructure, we recommend taking the following measures to improve the security of information resources.”

This is perhaps a watershed moment that marks the start of a cyber-offense campaigns between the two sides which may drag many private sector organisations in its wake as collateral damage.  Never before has the threat of cyber attack from nation state actors been so real and immediate.  The implications for businesses stuck in the middle can potentially be very significant if this trend continues to play out as a tit-for-tat game.  Supply chains and service providers involved in critical national infrastructure services in particular, as well as the general business communities, may be well advised to consider bolstering their cyber hygiene to at least mitigate the damage, if not prevent the breaches, when such campaigns are mounted.  In an increasingly connected world and interconnected public/private sector supply chains, it is no longer prudent to say “our business holds no interest to nation-state cyber actors”.

Insurers and insurance policies may also come under some strain and dispute during this period of unrest as these nation-state cyber-war-games play out.  We would advise all our clients that hold and rely on cyber-insurance policies to have a review of their cover and understand well any exclusions and caveats that may underpin their cover.

Read the full article by clicking button below.