Choose your topics

What is Risk Management in Cybersecurity?

Let’s explore the essentials of risk management in the context of cybersecurity to help you understand how to identify, assess and mitigate cyber threats effectively.

Cyber Risk Management Enterprise Risk Management
3 Best Practices for Data Privacy

With more technology comes more data, and with that a greater need for data privacy enforcement. What best practices should you be following?

Data Privacy
How to Prioritize Your Third-Party Risks

How can you prioritize effectively and enhance your organization’s security posture? Here are our top tips for setting up realistic, sustainable processes.

Third-Party Risk Management GRC
Top Tips to Save Time When Assessing Third-Party Risks

Is assessing third-party risks taking up too much of your time? How can you make the process more effective and efficient? Find out in the latest post from SureCloud.

Third-Party Risk Management GRC
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Vector (7)
Cyber Security

Cyber Threat Briefing: Assessing the Russian Cyber Threat Landscape

Cyber Threat Briefing: Assessing the Russian Cyber Threat Landscape
Written by

Hugh Raynor

Published on

19 Apr 2022

Cyber Threat Briefing: Assessing the Russian Cyber Threat Landscape


For some years now, geopolitical conflicts have been as much about bits and bytes as they have boots and bullets. The digital landscape has become a battleground in its own right, with state-sponsored cyberattacks becoming increasingly common. From social engineering and spear-phishing, right through to the highly-technical exploitation of zero-day vulnerabilities, nation-state threat actors tend to be sophisticated, organized and well-funded. 

They also tend to have very specific targets in mind, whether it’s destabilizing a rival country’s economy by attacking its financial sector, or sparking civil unrest by attempting to disrupt its supply of food or its ability to provide adequate healthcare. However, that doesn’t mean there cannot be collateral damage. 

In the run-up to Russia’s invasion of Ukraine, there was a 1,885% increase in attacks on government targets, a 775% increase in attacks on healthcare providers, and a 152% increase in attacks on the education sector.

The conflict in Ukraine, for instance, has increased the “spillover” risks of global cyberattacks considerably. While nearly 9 in 10 cyberattacks worldwide are currently targeting Russian or Ukrainian organizations, the fallout from those attacks is likely to impact the entire global threat landscape. While the NCSC advised there are no direct threats to UK organizations as a result of the conflict, it did emphasize that companies should still be taking action now to bolster their cyber resilience.


How threat actors are selecting their targets


Just because state-sponsored cybercriminals are currently targeting government organizations, it doesn’t mean private corporate entities are safe. Software supply chain attacks, such as last year’s SolarWinds breach, can impact tens of thousands of businesses in pursuit of an actual target. The SolarWinds breach, suspected to have been orchestrated by Russian actors, not only impacted government organizations like the Department of Justice and the Pentagon, it affected more than 10,000 businesses across a variety of sectors. 

The risk of collateral damage from state-sponsored cyberattacks is something that every business in every sector should be mindful of when reviewing their security controls and risk posture. 

The fallout from cyber warfare isn’t a new threat. In the past decade, there has been a 440% increase in global cyber warfare attacks, with businesses often getting caught in the crossfire. As government organizations, private companies, and the software supply chains that connect them, get ever more sophisticated and interdependent, the risk to all organizations increases – not just those that are targeted.  


Increasing your organization’s cyber resilience


We’ve already established that, whether targeted or not, your organization is more at risk given the situation in Ukraine right now. Whether your organization is likely to be a target of nation-state actors or not, now is the time to increase cyber resilience and the robustness of your default risk posture. 

Organizations must start viewing the threat landscape holistically rather than as a sequence of individually targeted attacks. 

The principle of zero trust or “least privilege”, for instance, should be a core part of any organization’s overall security policy and culture. We live in an age where even relatively trivial and basic settings such as DNS entries can be hijacked and used by attackers to gain access to a company’s intranet. 

Zero trust is useful because when hackers do breach a network they very rarely land in the place they intended to be, which means they often move laterally around a network until they find what they are looking for. By employing zero trust as well as other measures such as multi-factor authentication, organizations can stop these lateral movements and limit the amount of potential damage an attacker can do. 


The increased risk of spear phishing

Raising staff awareness of phishing tactics should also be a bare minimum for organizations looking to minimize their exposure to threats like ransomware. These attacks leverage social engineering and are almost 100% dependent on staff overlooking minor details or being too open to persuasion. 

According to reports, 91% of all successful data breaches in 2021 began with a spear phishing attempt, and 84% of those were ransomware-based. 


What makes spear phishing more effective than regular phishing scams is that spear phishing is usually more sophisticated and highly targeted in nature. Whereas regular phishing will be a “shot in the dark” numbers game, hoping that some employees fall for a fraudulent email or click on a bad link, spear phishing will usually involve tailoring emails to a specific individual, leveraging any kind of intelligence to make the email seem more genuine. This makes standard automated phishing prevention tools less effective, meaning your organization needs to increase its vigilance, training and overall awareness.

While technology can evolve, becoming more accurate and efficient with each new iteration, humans and their proneness to error and misjudgment will remain constant. This is why spear phishing and social engineering are still core tactics employed by threat actors – humans will always be the weakest link in the security chain. 

It’s become clear in recent years that international conflicts such as Russia’s war on Ukraine serve as an accelerant for cybercrime in general. State-sponsored attacks move the needle and often lead to new cyberattack methods, facilitating the rise of ransomware-as-a-service, which has the potential to ultimately impact every business on the planet. 

To learn more about the risks your businesses might be exposed to as the crisis evolves, listen to our latest Cyber Threat Briefing on our YouTube channel or Podcast.