Russia-Ukraine war raises global cyber security risk, study shows

Conflict is an opportunity for companies to invest in their cyber infrastructure, according to Swiss bank Lombard Odier

Ukraine is no stranger to cyber incidents, experiencing a surge in cyber attacks particularly after 2014 when Russia annexed Crimea from Ukraine. Reuters

Russia's military offensive in Ukraine has raised the spectre of more cyber attacks, but it also presents an opportunity for investments to strengthen cyber infrastructure and prevent a spill-over economic effect, a new report from Lombard Odier found.

While cyber threats add to the risks challenging investors and institutions worldwide, the situation has compelled companies and governments to push the cyber security agenda further, the Geneva-based financial institution said.

Know your cyber adversaries

Cryptojacking: Compromises a device or network to mine cryptocurrencies without an organisation's knowledge.

Distributed denial-of-service: Floods systems, servers or networks with information, effectively blocking them.

Man-in-the-middle attack: Intercepts two-way communication to obtain information, spy on participants or alter the outcome.

Malware: Installs itself in a network when a user clicks on a compromised link or email attachment.

Phishing: Aims to secure personal information, such as passwords and credit card numbers.

Ransomware: Encrypts user data, denying access and demands a payment to decrypt it.

Spyware: Collects information without the user's knowledge, which is then passed on to bad actors.

Trojans: Create a backdoor into systems, which becomes a point of entry for an attack.

Viruses: Infect applications in a system and replicate themselves as they go, just like their biological counterparts.

Worms: Send copies of themselves to other users or contacts. They don't attack the system, but they overload it.

Zero-day exploit: Exploits a vulnerability in software before a fix is found.

The study highlights the fact that many organisations still lack adequate data security and protection measures, including software updates and staff training – a fact that came to the fore at the onset of the Covid-19 crisis, which cyber criminals happily exploited.

"Russia’s [military offensive in] Ukraine has raised fears of a cyber war with global consequences. Beyond the immediate risks, we believe the war in Ukraine will drive further growth in cyber security, with a range of investment implications," said Stephane Monier, chief investment officer of Lombard Odier Private Bank.

Cyber criminals are tipped to take advantage of the armed conflict between Russia and Ukraine, putting the spotlight on how organisations will respond and bolster their system defences.

Global spending on IT security and risk management was estimated to have increased 12.4 per cent to $150.4 billion in 2021, and is expected to grow in the high single digits through 2024, according to Gartner.

That is a fraction of the $4.5 trillion overall spend in the worldwide IT industry projected this year, the research company said in a separate report.

Ukraine, once a part of the former Soviet Union, is no stranger to cyber incidents, experiencing a surge in cyber attacks, particularly since 2014, after Russia annexed Crimea from Ukraine.

Quote
Russia’s [military offensive in] Ukraine has raised fears of a cyber war with global consequences. Beyond the immediate risks, we believe the war in Ukraine will drive further growth in cyber security, with a range of investment implications
Stephane Monier, chief investment officer, Lombard Odier Private Bank

Earlier this year, a number of Ukrainian websites were hit by distributed denial-of-service attacks, with hackers defacing some with a "Be afraid and expect the worst" message. Last month, in the lead-up to Russia's attack, several Ukrainian government agencies and banks were hacked.

In 2017, the NotPetya malware – a variant of the destructive Petya virus that first surfaced a year earlier – particularly targeted Ukraine and crippled utilities, media organisations and government entities.

Russia was tagged as the culprit behind the NotPetya attacks, 80 per cent of which were concentrated on Ukraine, according to cyber security company Eset. The debacle caused worldwide damage of about $10bn.

China, however, has been the top country of cyber attacker origin since 2006, according to the Centre for Strategic and International Studies and global affairs outlet Gzero Media.

Lombard Odier said the dangers of increased cyber risk are multifaceted. For industries, particularly those that provide automation and electrification services, hackers can potentially take control of critical infrastructure, similar to the attacks on Ukrainian utilities and even to a Bluetooth vulnerability in Tesla cars first reported in 2020.

Ukraine is a popular source of IT outsourcing services, with the government saying that more than 100 Fortune 500 companies use such services; as such, any attack can severely compromise Ukrainian clients and further out.

The study by the Swiss bank also pointed out that companies are increasing capital expenditure on edge computing – a distributed framework that brings applications closer to data sources, according to IBM – which can deliver strong business benefits, improved response times and, critically, reduce risks associated with the transfer of sensitive data.

"Within cyber security firms, we prefer companies with complete security platforms to those with standalone products; the latter could see their solutions integrated into other platforms," Lombard Odier said.

But it also cautioned that even the most software-centric companies are vulnerable to attacks, which spare no company, industry or country.

The report also cited the role of the cyber insurance market, a fast-growing but very small segment of the overall insurance industry, accounting for just 0.4 per cent of global property and casualty premiums, according to Swiss Re.

Cyber attacks can be costly to organisations: the average cost of an attack peaked in 2016, amounting to about $4 million, according to data from IBM's security arm.

The heightened tensions "could focus policymakers' minds on setting a clearer regulatory and legal framework going forward. That could pave the way for greater policy standardisation and market growth moving ahead", Lombard Odier said.

Russia's military offensive in Ukraine has destroyed about $100bn worth of assets and closed half of its economy so far, Ukraine's chief economic adviser Oleg Ustenko said on Friday. Both the International Monetary Fund and the World Bank have warned that the conflict is having an adverse effect on rising inflation.

Updated: March 12, 2022, 4:30 AM
Know your cyber adversaries

Cryptojacking: Compromises a device or network to mine cryptocurrencies without an organisation's knowledge.

Distributed denial-of-service: Floods systems, servers or networks with information, effectively blocking them.

Man-in-the-middle attack: Intercepts two-way communication to obtain information, spy on participants or alter the outcome.

Malware: Installs itself in a network when a user clicks on a compromised link or email attachment.

Phishing: Aims to secure personal information, such as passwords and credit card numbers.

Ransomware: Encrypts user data, denying access and demands a payment to decrypt it.

Spyware: Collects information without the user's knowledge, which is then passed on to bad actors.

Trojans: Create a backdoor into systems, which becomes a point of entry for an attack.

Viruses: Infect applications in a system and replicate themselves as they go, just like their biological counterparts.

Worms: Send copies of themselves to other users or contacts. They don't attack the system, but they overload it.

Zero-day exploit: Exploits a vulnerability in software before a fix is found.

EDITOR'S PICKS