Since the Russia-Ukraine conflict began, various executives and directors, mainly Technology Directors (also known as CIOs or Chief Information Officers, for its acronym in English), Information Security Directors (known as CISOs or Chief Information Security Officers, for their acronyms in English) have expressed concern since in the security committees, management committees, and audit committees where they participate, it has been questioned whether the situation of the existing war conflict (Russia-Ukraine) could increase cyber attacks against organizations. It is common that in this type of situation some people without access to hard data make speculations or even conclusions that could be wrong. In current times this is increased by the use of social networks. It is logical that there is this concern in organizations, given that today managers are much more aware of the latent risk that exists of being the victim of a cyber attack at any time, and that it could significantly affect the business. The important thing is that these valid concerns can be addressed based on objective data and without speculation.
The first aspect that is important to clarify is that everything that is called “geopolitical cyber warfare” usually happens before an armed conflict is declared, therefore, cyber warfare already existed before the Russia-Russia armed conflict began. Ukraine. Beyond the unfortunate aspect of an armed war, if there are cyberattacks between the two countries, it is not really the concern of organizations today; what is a concern is to understand if, due to the existence of this armed war, cyberattacks could increase in organizations in Mexico and Latin America and in which case how they should strengthen their controls and be more alert.
To answer this as transparently as possible, we rely on hard data and objective evidence. In this sense, Deloitte has a global intelligence team that is dedicated, among other things, to identifying, monitoring and recording all the activities of existing cyberattacks in the world; This global intelligence center has highly trained professionals in the field and uses state-of-the-art technology developed for such purposes. This team not only monitors public global cyberattacks, which are visible and known, but also those that occur on the “Dark Web” which is the internet that is not accessible from a common browser. The result of the work of the global intelligence team generates the inputs to implement what is called “cyber intelligence”. The purpose of this intelligence is to help organizations better protect themselves in order to have a more robust level of cybersecurity. Intelligence allows proactive anticipation since it is not only important for organizations to have effective controls and be resilient when a cyber incident occurs, but also to be able to anticipate a possible cyber attack. In recent years, Deloitte has invested significantly in specialized professionals, as well as cutting-edge technology.
Based on the intelligence generated by this center, and on the evidence that exists so far, we can conclude that cyber attacks on organizations have not increased due to the existing armed conflict. What we do see is the growing trend of cyber attacks that has already existed for several years, and that will continue to increase, but not necessarily boosted by a war.
According to Deloitte’s global survey “The Future of Cyber” which includes more than 600 CEOs (Chief Executive Officers) interviewed there has been an increase in cyber attacks. 69% of those surveyed responded that their organization suffered a significant increase in cyberattacks between the beginning of 2020 and May 2021; responses were consistent across geographies and industries. Even 32% indicated that operational disruption was the biggest impact they suffered, followed by 22% who indicated theft of intellectual property information, as well as 19% who indicated a decline in the value of their shares.
Related to this, a consideration that has been observed and whether organizations should take it into account, which is similar to what happened with COVID, is that criminal organizations that are dedicated to sending emails or malicious messages (what is known as phishing), use war news to get users interested or attracted by some sensational headline to enter said emails, web pages, social networks and become victims of a malicious practice. In other words, using the theme of the armed conflict as a decoy to gain access to computers, credentials, or confidential information. In this sense, organizations need to prepare, raise awareness and communicate these risks to their collaborators in order to prevent this type of incident.
In conclusion, we can see that up to now there has been no increase in the risk of a possible cyber attack related to the armed conflict, at least for organizations in Mexico and Latin America. However, if we observe a greater number of emails and malicious messages with the aim of stealing access credentials, and confidential information, among others, using war news; The main recommendation is that organizations communicate this risk and make their employees aware.
Paula Álvarez, Cyber Risk Partner at Deloitte