Russia-Ukraine conflict: Some key lessons in cybersecurity

By Sam Wambugu

Russia-Ukraine’s raging conflict serves as a sober reminder that while we hear more of tanks, missiles, and boots-on-the-ground, cyber warfare is going on in tandem. Cyber-attacks sponsored by state and non-state entities often spike when geopolitical tensions rise.

Russia has long been known for spying and spreading propaganda using digital tools. Russia has amassed vast amounts of premium information, including information meant to confuse the Ukrainian fighters and the world backing them. Critical systems on the bullseye of hackers include energy, transport, health, financial institutions, and election systems.

The previous wars weren’t any less bloody, but the difference is that technology has improved so much that wealthy countries have sharpened their tech spears and are ready for assault when the time comes.

Cryptocurrency makes it possible to pay the bad boys behind hacking and espionage without fear of being tracked and caught. Zcash and Monero, two little-known cryptocurrencies, are particularly liked by cybercrooks. Compared with Bitcoin, these have tighter privacy settings. Cyber-surveillance authorities have a hard time unravelling their unique privacy features.

Africa shouldn’t sit back and relax just because the Russian-Ukrainian war is being fought a continent away. Financial institutions, critical infrastructure providers, government contractors, and even internet service providers themselves must be prepared to be tested by cyber bad boys and girls without notice.

Advertisement

Cyber insurance

Although the information rarely makes the news, institutions lose millions every month to cybercriminals. The software running systems in many companies are not rigorously tested, rarely meet industry standards, and therefore, prone to compromise. And yet, they cost these companies a lot of money.

In addition, cyber insurance has not taken root in our society. Cyber insurance generally covers business liability for a data breach involving sensitive customer information and losses from compromised cyber systems.

Organisations need to adhere to industry standards to qualify for cyber insurance. Standards will raise the bar on the types and quality of software running in organisations, their security features, staff training, backup systems, and the presence of tools to automatically detect attempts to gain access, whether successful or not.

As the country’s political stew boils, we shouldn’t get our eyes off critical systems, regardless of their size. There is no such thing as a company too small to be attacked. Our systems are so interconnected that a breach in one could trigger a domino effect across many others, resulting in a national security incident.

A top priority should be a review and fine-tuning of the technology tools used by the government and institutions involved in preparing and conducting the election.

The people responsible for protecting our cyberspace must be vigilant 24/7/365 and leave no room for guesswork or gray areas. They must be armed with the right skills and resources to protect us. Continuity and recovery plans should be tested and tested again.