Cyberrisk Management Tips for Businesses Amid the Russia-Ukraine War

A wide range of risks are trickling down from Russia’s assault on Ukraine, from sanctions compliance to supply chain disruption to business interruption. Cyberrisk has also drawn considerable concern and the threat landscape continues to evolve rapidly, though the details of increased cyberattack activity are not yet fully known and may be largely unfolding below the surface right now. Attacks attributed to Russia have been launched against a range of targets in Ukraine, including new destructive malware campaigns, targeted information-gathering against a range of civilian and government targets, and attacks on critical infrastructure.

Concerns about escalating cyber activity around the crisis are a vivid reminder of the importance of knowing your threat model and adjusting your risk management priorities accordingly. According to experts ranging from independent cybersecurity professionals to officials at the Cybersecurity and Infrastructure Security Agency (CISA), organizations at greatest risk right now include critical infrastructure, banks and other financial services firms, and of course key service providers in Ukraine or Russia.

Spill-over to other businesses is more likely with cyber conflict, however, particularly given Russia is one of the most advanced and aggressive nation-state cyber threat actors—remember the crippling global attack known as NotPetya that upended supply chains in 2017 resulted from a Russian cyberattack on Ukraine. That is not to say that there is necessarily cause for panic, simply that the effects of cyber conflict can be unexpected, widespread and potentially severe.

At this point, for most companies that are not in a high-risk position as a direct result of the war, the best course of action for risk professionals is to focus on ensuring your company has an updated and detailed incident response plan on hand and distributing it to relevant members of the organization, reviewing and potentially strengthening your general cybersecurity posture, and reminding employees about cyber hygiene.

For example, given the tragic events and breaking developments around the conflict, many may be glued to news or social media. Unfortunately, malicious actors are known to take advantage of such situations by posting phishing links on social media with alleged news updates or email scams that purport to collect charity donations. Remind employees about these perils and offer refreshers on how to spot phishing scams and the need to exercise caution with links in emails or on social media.

“In addition to taking a fresh look at plans and other policies within an organization’s cybersecurity risk framework, businesses should consider a few common-sense tips to prepare for a potential cyber incident,” advised Annmarie Giblin, partner at Hinshaw & Culbertson and leader of the firm’s data privacy and cybersecurity practice. Giblin recommended risk professionals take the following steps to boost cyberrisk management efforts right now:

  1. Print out a hard copy of any necessary policies and plans, like the cyber incident response plan, the business’ cyber insurance policy and a contact list for the organization, so you have them available in the event you cannot access your system and need to communicate with employees through alternative methods.
  2. Remind your employees about common cyber scams and reiterate that there will be no retaliation for reporting a cybersecurity mistake, such as clicking on a bad link.
  3. Have key members of the executive team and incident response team set up a secure but alternate method of communication, such as sharing phone numbers or creating a different off-system email address to communicate in the event the business’ systems are not available or not trusted.
  4. Keep track of the latest threats and get the research over to your IT team so they can update your firewall, and/or contact the business’ security services provider and make sure they are aware of and addressing these new malware strains.
  5. Evaluate and, if possible, test your business continuity plans. Organizations should be asking themselves, “What does the work day look like without access to the business’ systems?” and “How can we still work without any technology support?”

Cyber insurance firm Coalition has put together a guide to basic cybersecurity measures to help organizations—policyholders and otherwise—proactively manage cyberrisk and reduce the likelihood of a cybersecurity incident. The guide provides 10 key steps to help improve cyberrisk management, highlighting the basics of each mitigation measure, tips on how to implement, and even some vendor suggestions for credible options, if desired. Coalition notes this may be particularly helpful for small and mid-sized businesses that do not necessarily have dedicated in-house information security experts, but it could also be worth a look for any risk professional who wants an overview of mitigations that should be in place or ways to fill those gaps. Check it out here: https://info.coalitioninc.com/rs/566-KWJ-784/images/DLC-2020-12-2021-Coalition-Cybersecurity-Guide.pdf

For more resources on cyberrisk management best practices, cyber incident response, cyber insurance considerations, and more, check out Risk Management Magazine’s extensive cyber coverage here. Some of the highlights below can help address key concerns that you—or your board—may have right now, and offer actionable strategies to strengthen your cyberrisk readiness and boost employee cyber hygiene:

Managing Sanctions Risk from Russia’s War on Ukraine

Since Russia began attacking Ukraine on February 24, thousands of people have been killed and over a million people have had to flee their homes, presenting one of the largest refugee crises Europe has ever experienced. In addition to the tragic human losses, the Russian invasion of Ukraine has triggered wide-ranging economic impacts. Among them, the European Union, United Kingdom, United States, Canada, Japan and others have enacted sweeping financial sanctions on Russia in an effort to pressure President Vladimir Putin to end the conflict. These sanctions have targeted Russia’s financial system and its international financial connections by restricting transactions between Russian banks and those in other countries, most notably through the SWIFT global financial network.

The economic impacts of these sanctions will likely affect many industries around the world, whether organizations deal with Russia directly or indirectly through third countries. In a briefing yesterday, global risk consultancy Control Risks discussed some of the risk management considerations and steps companies need to take as the sanctions landscape continues to evolve. According to panelist Henry Smith, partner and head of business intelligence and due diligence in EMEA at Control Risks, there are five key areas risk professionals should focus on to address the risk facing their companies as a result of these sanctions:

  1. What are your nexuses to Russia (including outside Russia)? Organizations need to look at their touchpoints with Russia, including investors and shareholders, lenders and banks, direct and indirect clients, contractual counterparties, and goods and services sourced directly or indirectly from Russia.
  2. Which sanctions apply to your organization?
    The applicability of sanctions will vary based on your sector, the nationality of the people within the organization, and the currencies you use. It is helpful to note that, currently, there is greater consensus among various sanctions regimes so you may not have to parse through conflicting degrees of severity—consistent sanctions against Russia are being imposed, at least across most Western countries.
  3. What risks are you exposed to? Conduct a risk assessment around which sanctions you are exposed to and whether there are any business activities, relationships or practices you need to end or change in some way. This involves regularly screening Russian counterparties against sanctions lists and undertaking detailed analysis of higher-risk relationships.
  4. How do you respond? Review the implications of any decisions on employees and on contractual obligations, both with direct and third-party clients. Consider any impact winding down activities in one area may have on other business areas. Be sure to engage with regulators, enforcement agencies, banks and insurers for guidance.
  5. What do you do as sanctions regimes evolve? Sanctions will change in response to security and political developments over the coming weeks and months, so it is important to stay informed of any communications from authorities.
    Review and read guidance from regulators, enforcement agencies, banks and insurers, and benchmark with industry peers to make sure you can still operate effectively.

Overall, when deciding whether to continue doing business with Russia, companies will need to consider both reputational and ESG-based perspectives as well as practical issues around their ability to do business, such as maintaining the working capital required to continue operations and ensuring that goods and services can still move through the supply chain.

Experts expect that the Russia-Ukraine crisis will have a long-term impact on the global economy and many effects of these sanctions may not be felt for weeks or months. Companies will need to remain vigilant in order to stay ahead of the risks.

A Turbulent Year for the Aviation Industry, Despite Improving Safety

[Image: MH 17 wreckage. Photo: Denis Kornilov / Shutterstock.com]

First, Malaysia Airlines flight MH370 mysteriously disappeared in March, dominating the news cycle and baffling aviation experts, government officials and civilian observers alike. This month, three tragedies in short succession have kept the industry in the hot seat. Malaysia Airlines made headlines once again on July 17 after Flight MH 17, a Boeing 777 flying from Amsterdam to Kuala Lumpur, was shot down over Ukraine. It is now the seventh most deadly aviation crash in history. Exactly who fired on the plane remains unclear, as do many questions of insurance, as war has not officially been declared, despite months of fighting in the region. An act of war would exclude losses from insurance coverage, but remaining uncertainty does as well. Plus, “Unless Russia has declared war on Malaysia, that would knock out the exclusion,” RIMS Vice President Rick Roberts told Mashable. But for it to fall under terrorism coverage, “someone has to certify that the act that occurred wasn’t a mistake—that it was a malicious act.” The already struggling company may not be able to survive this second disaster, or the reputational devastation.

[Chart: Ten Deadliest Plane Crashes]

Tragedy has further plagued the industry this month. On July 23, a TransAsia flight from Taiwan crashed, killing 48. The next day, an Air Algérie flight from Burkina Faso to Algeria disappeared less than an hour after takeoff in the air space over Mali. Approximately 24 hours later, peasants found the plane’s wreckage near Gao, Mali, and French soldiers dispatched to the scene were able to recover a black box, but no survivors.

Despite the string of disasters, there is no evidence that air travel is in any way more dangerous on the whole. In fact, it is safer than ever before. Nearly three billion people fly safely each year on more than 37 million flights, the International Air Transport Association (IATA) reports, and the global plane accident rate fell to the lowest level in aviation history in 2012. Over the past 10 years, both the crash and fatality rates have trended downward, according to statistics from the Bureau of Aircraft Accidents Archives. But, little more than halfway into 2014, the number of people killed in plane crashes is more than double the total for 2013 (991 and 459, respectively).

Based on BAAA data: [Charts: Crashes per year; Deaths per year]

Looking back even further, this chart from the Wall Street Journal leaves little doubt that the aviation industry has grown drastically safer:

[Chart: Deadly flights]

While 2014 has been more fatal thus far, the overall number of crashes continues to decrease. There have been 70 commercial-plane crashes globally so far, versus 81 for the comparable period a year earlier, according to Aviation Safety Network, part of the Flight Safety Foundation. Further, the four tragedies do not have any common root causes for their failures.

Insurance Changes on the Horizon

International carriers are feeling most of the strain, and that is likely to have serious implications for insurance premiums. “Given the accumulation of losses, including the loss of Asiana Airlines’ Boeing 777 in San Francisco last year, an explosion causing damage to 20 aircraft in Tripoli recently, and this week’s losses in Africa and Taiwan, these will, altogether, put pressure on the global insurance market,” said Robert Hartwig, president of the Insurance Information Institute. “I expect most of the impact to be focused on international carriers, particularly those operating in or traversing parts of the world that I would characterize as ‘hotspots,’ currently experiencing military or political instability. That would certainly include Ukraine, parts of the Middle East, and parts of Africa.”

While the recent spate of tragedies may leave many travelers wary of getting on a plane, American airlines have less to worry about regarding premiums than their foreign counterparts. There have been no notable losses this year among domestic carriers, or U.S.-based airlines that fly internationally. As Hartwig pointed out, however, “With a few exceptions, they do not tend to traverse many of those hotspots to begin with.”

In Africa and other developing regions, “you identify accidents in many places that would have happened 30 or 40 years ago in the West, because oversight is lagging,” Dominique Fouda, spokesman for the European Aviation Safety Agency, told the Wall Street Journal. “You also see different accidents linked to local conditions.”

Ukraine Crisis Poses Business Disruption Risk

For any organization with involvement in Russian territory, recently imposed sanctions due to the unpopular Crimean conflict introduce new potential complications affecting operations, supply chain, personnel and communications. The federation is becoming more assertive, bold and confrontational in areas ranging from financial investment to geographic dominance. As a result, there is now a legitimate and immediate reason for evaluating the strength of foreign operational resiliency and sustainability in the context of Russian sanctions.

Fundamental Crisis
Recently, the U.S. passed a bill with an overwhelming majority to solidify sanctions on Russia for its forced annexation of Crimea. According to the New York Times, the Obama administration listed 17 banks, energy companies, and investment accounts in its attempts to restrict Russian involvement with the United States. These particular sanctions will freeze any assets in the United States and bar U.S. citizens from doing business with the individuals and firms listed. Additionally, the United States will cut off the export or re-export of American-made products to 13 of the sanctioned companies and will deny export licenses for high-tech products potentially used by the Russian military.

Implications for Risk Managers
Among myriad potential disruptions, a dominant cause for concern during the Crimean conflict is now disruption of connectivity, both locally and at scale. Given the nature of the new “cloud economy” and virtual infrastructure most businesses rely upon, one potential impact of Russian sanctions could be to the fragile structure of the new interconnected world.

The shutdown of communications lines means loss of access to international operations and IT servers.

A loss of network could be significant and substantial. However detrimental this would be, loss of physical network (such as personnel) can be just as damaging, and planning for consequences of this nature often takes far more ingenuity than utilizing a simple off-site data backup center.

The Human Network
People are often the most valued and unique asset an organization must protect. If particular sanctions impede the right of Western workers to hold employment in Russia, this could mean inevitable cuts to staff, layoffs and displacement as the company pursues relocation to an unsanctioned territory.

The case of an international workforce disruption raises other questions for companies to consider. For example, how do we replace people? Can we reassign processes? Is there a way to efficiently cross-train or retrain personnel who are still here?

Have we spoken with local managers, contractors, and operations people to find out what is a critical process or component, and what is not? These questions will give businesses a framework to move forward.

How are Experts Responding?
Methodically outlining potential risks before the events actually happen is obviously key, but visualizing scenarios of this nature is often tricky. It is impossible to predict exactly what will happen, but in a worst-case scenario (specifically relating to Ukraine), any fallout between the West and Russia could result in trade sanctions affecting everything from banks to human resources to communication infrastructure.

Understanding this and moving forward with a contingent plan of action for Russian operations will create a less threatening situation and a more stabilized outcome for businesses that are affected.

Writing on the Wall
As organizations look for answers among the uncertainty that is currently playing out in Russia and Ukraine, one thing is absolute: businesses survive and succeed in fragile situations when a culture of resiliency is embraced. Contingency plans are useless if there isn’t the knowledge, experience and understanding of how to use them.

Sanctions are nothing new and neither is business disruption due to political conflict, though, if any highlight were to come from the current situation in Russia and Ukraine, it would be the need to proactively respond to imminent threats towards business continuity. In reality, for multinational companies heavily invested in the region at this point, there no longer is a choice.