Tag Archives: Russia

Immediate Vault

Cyberrisk Management Tips for Businesses Amid the Russia-Ukraine War

Posted on by

A wide range of risks are trickling down from Russia’s assault on Ukraine, from sanctions compliance to supply chain disruption to business interruption. Cyberrisk has also drawn considerable concern and the threat landscape continues to evolve rapidly, though the details of increased cyberattack activity are not yet fully known and may be largely unfolding below the surface right now. Attacks attributed to Russia have been launched against a range of targets in Ukraine, including new destructive malware campaigns, targeted information-gathering against a range of civilian and government targets, and attacks on critical infrastructure.

Concerns about escalating cyber activity around the crisis are a vivid reminder of the importance of knowing your threat model and adjusting your risk management priorities accordingly. According to experts ranging from independent cybersecurity professionals to officials at the Cybersecurity and Infrastructure Security Agency (CISA), organizations at greatest risk right now include critical infrastructure, banks and other financial services firms, and of course key service providers in Ukraine or Russia.

Spill-over to other businesses is more likely with cyber conflict, however, particularly given Russia is one of the most advanced and aggressive nation-state cyber threat actors—remember the crippling global attack known as NotPetya that upended supply chains in 2017 resulted from a Russian cyberattack on Ukraine. That is not to say that there is necessarily cause for panic, simply that the effects of cyber conflict can be unexpected, widespread and potentially severe.

At this point, for most companies that are not in a high-risk position as a direct result of the war, the best course of action for risk professionals is to focus on ensuring your company has an updated and detailed incident response plan on hand and distributing it to relevant members of the organization, reviewing and potentially strengthening your general cybersecurity posture, and reminding employees about cyber hygiene.

For example, given the tragic events and breaking developments around the conflict, many may be glued to news or social media. Unfortunately malicious actors are known to take advantage of such situations by posting phishing links on social media with alleged news updates or email scams that purport to collect charity donations. Remind employees about these perils and offer refreshers on how to spot phishing scams and the need to exercise caution with links in emails or on social media.

“In addition to taking a fresh look at plans and other policies within an organization’s cybersecurity risk framework, businesses should consider a few common-sense tips to prepare for a potential cyber incident,” advised Annmarie Giblin, partner at Hinshaw & Culbertson and leader of the firm’s data privacy and cybersecurity practice. Giblin recommended risk professionals take the following steps to boost cyberrisk management efforts right now:

  1. Print out a hard copy of any necessary polices and plans, like the cyber incident response plan, the business’ cyber insurance policy and a contact list for the organization, so you have them available in the event you cannot access your system and need to communicate with employees through alternative methods.
  2. Remind your employees about common cyber scams and reiterate that there will be no retaliation for reporting a cybersecurity mistake, such as clicking on a bad link.
  3. Have key members of the executive team and incident response team set up a secure but alternate method of communication, such as sharing phone numbers or creating a different off system email address to communicate in the event the business’ systems are not available or not trusted.
  4. Keep track of the latest threats and get the research over to your IT team so they can update your firewall, and/or contact the business’ security services provider and make sure they are aware of and addressing these new malware strains.
  5. Evaluate and if possible, test your business continuity plans. Organizations should be asking themselves, “What does the work day look like without access to the business’ systems?” and “How can we still work without any technology support?”

Cyber insurance firm Coalition has put together a guide to basic cybersecurity measures to help organizations—policyholders and otherwise—proactively manage cyberrisk and reduce the likelihood of a cybersecurity incident. The guide provides 10 key steps to help improve cyberrisk management, highlighting the basics of each mitigation measure, tips on how to implement, and even some vendor suggestions for credible options, if desired. Coalition notes this may be particularly helpful for small and mid-sized businesses that do not necessarily have dedicated in-house information security experts, but it could also be worth a look for any risk professional who wants an overview of mitigations that should be in place or ways to fill those gaps. Check it out here: https://info.coalitioninc.com/rs/566-KWJ-784/images/DLC-2020-12-2021-Coalition-Cybersecurity-Guide.pdf

For more resources on cyberrisk management best practices, cyber incident response, cyber insurance considerations, and more, check out Risk Management Magazine’s extensive cyber coverage here. Some of the highlights below can help address key concerns that you—or your board—may have right now, and offer actionable strategies to strengthen your cyberrisk readiness and boost employee cyber hygiene:

Managing Sanctions Risk from Russia’s War on Ukraine

Posted on by

Since Russia began attacking Ukraine on February 24, thousands of people have been killed and over a million people have had to flee their homes, presenting one of the largest refugee crises Europe has ever experienced. In addition to the tragic human losses, the Russian invasion of Ukraine has triggered wide-ranging economic impacts. Among them, the European Union, United Kingdom, United States, Canada, Japan and others have enacted sweeping financial sanctions on Russia in an effort to pressure President Vladimir Putin to end the conflict. These sanctions have targeted Russia’s financial system and its international financial connections by restricting transactions between Russian banks and those in other countries, most notably through the SWIFT global financial network.

The economic impacts of these sanctions will likely affect many industries around the world, whether organizations deal with Russia directly or indirectly through third countries. In a briefing yesterday, global risk consultancy Control Risks discussed some of the risk management considerations and steps companies need to take as the sanctions landscape continues to evolve. According to panelist Henry Smith, partner and head of business intelligence and due diligence in EMEA at Control Risks, there are five key areas risk professionals should focus on to address the risk facing their companies as a result of these sanctions:

  1. What are your nexuses to Russia (including outside Russia)? Organizations need to look at their touchpoints with Russia, including investors and shareholders, lenders and banks, direct and indirect clients, contractual counterparties, and goods and services sourced directly or indirectly from Russia.
  2. Which sanctions apply to your organization?
    online pharmacy azithromycin with best prices today in the USA

    The applicability of sanctions will vary based on your sector, the nationality of the people within the organization, and the currencies you use. It is helpful to note that, currently, there is greater consensus among various sanctions regimes so you may not have to parse through conflicting degrees of severity—consistent sanctions against Russia are being imposed, at least across most Western countries.
  3. What risks are you exposed to? Conduct a risk assessment around which sanctions you are exposed to and whether there are any business activities, relationships or practices you need to end or change in some way. This involves regularly screening Russian counterparties against sanctions lists and undertaking detailed analysis of higher-risk relationships.
  4. How do you respond? Review the implications of any decisions on employees and on contractual obligations, both with direct and third-party clients. Consider any impact winding down activities in one area may have on other business areas. Be sure to engage with regulators, enforcement agencies, banks and insurers for guidance.
    online pharmacy periactin with best prices today in the USA

  5. What do you do as sanctions regimes evolve? Sanctions will change in response to security and political developments over the coming weeks and months, so it is important to stay informed of any communications from authorities.
    online pharmacy reglan with best prices today in the USA

    Review and read guidance from regulators, enforcement agencies, banks and insurers, and benchmark with industry peers to make sure you can still operate effectively.

Overall, when deciding whether to continue doing business with Russia, companies will need to consider both reputational and ESG-based perspectives as well as practical issues around your ability to do business, such as maintaining the working capital required to continue operations and ensuring that goods and services can still move through the supply chain.

Experts expect that the Russia-Ukraine crisis will have a long-term impact on the global economy and many effects of these sanctions may not be felt for weeks or months. Companies will need to remain vigilant in order to stay ahead of the risks.

Ukraine Crisis Poses Business Disruption Risk

Posted on by

For any organization with involvement in Russian territory, recently imposed sanctions due to the unpopular Crimean conflict introduces new potential complications affecting operations, supply chain, personnel and communications. The federation is becoming more assertive, bold and confrontational in areas ranging from financial investment to geographic dominance. As a result, there is now a legitimate and immediate reason for evaluating the strength of foreign operational resiliency and sustainability in the context of Russian sanctions.

Fundamental Crisis
Recently, the U.S. passed a bill with overwhelming majority to solidify sanctions over Russia for its forced annexation of Crimea. According to the New York Times, the Obama administration listed 17 banks, energy companies, and investment accounts in its attempts to restrict Russian involvement with the United States. These particular sanctions will freeze any assets in the United States and bar U.S. citizens from doing business with the individuals and firms listed. Additionally, the United States will cut off the export or re-export of American-made products to 13 of the sanctioned companies and will deny export licenses for high-tech products potentially used by the Russian military.

Implications for Risk Managers
Among myriad potential disruptions, a dominant cause for concern during the Crimean conflict is now disruption of connectivity, both locally and at scale. Given the nature of the new “cloud economy” and virtual infrastructure most businesses rely upon, one potential impact of Russian sanctions could be to the fragile structure of the new interconnected world.

The shutdown of communications lines means inaccessibility with international operations and IT servers.

buy doxycycline online www.gcbhllc.org/scripts/html/doxycycline.html no prescription pharmacy

A loss of network could be significant and substantial. However detrimental this would be, loss of physical network (such as personnel) can be just as damaging, and planning for consequences of this nature often take far more ingenuity than utilizing a simple off-site data backup center.

The Human Network
People are often the most valued and unique asset an organization must protect. If particular sanctions impede the right of Western workers to hold employment in Russia, this could mean inevitable cuts to staff, layoffs and displacement as the company pursues relocation to an unsanctioned territory.

The case of an international workforce disruption raises other questions for companies to consider. For example, how do we replace people? Can we reassign processes? Is there a way to efficiently cross-train or retrain personnel who are still here?

buy hydroxychloroquine online www.gcbhllc.org/scripts/html/hydroxychloroquine.html no prescription pharmacy

Have we spoken with local managers, contractors, and operation people to find out what is a critical process or component, and what is not?  These questions will give businesses a framework to move forward.

How are Experts Responding?
Methodically outlining potential risks prior to the events actually happening is key obviously, but oftentimes visualizing scenarios of this nature is tricky. It is impossible to predict exactly what will happen, but in a worse case scenario (specifically relating to Ukraine), any fallout between the West and Russia could result in trade sanctions affecting everything from banks, to human resources, to communication infrastructure.

buy rybelsus online www.gcbhllc.org/scripts/html/rybelsus.html no prescription pharmacy

Understanding this and moving forward with a contingent plan of action for Russian operations will create a less threatening situation and a more stabilized outcome for businesses who are affected.

Writing on the Wall
As organizations look for answers among the uncertainty that is currently playing out in Russia and Ukraine, one thing is absolute; businesses survive and succeed in fragile situations when a culture of resiliency is embraced. Contingency plans are useless if there isn’t the knowledge, experience and understanding of how to use them.

Sanctions are nothing new and neither is business disruption due to political conflict, though, if any highlight were to come from the current situation in Russia and Ukraine, it would be the need to proactively respond to imminent threats towards business continuity. In reality, for multinational companies heavily invested in the region at this point, there no longer is a choice.

Meteorite Injures 950+ in Russia

Posted on by

Just one day after we posted about an asteroid coming dangerously close (in NASA’s terms) to earth today, we awoke to news about a meteorite streaming through the sky over Russia’s Chelyabinsk region. So far, it is estimated that the shockwave has caused severe damage to property and just under 1,000 are reported injured, though that number continues to climb.

As NBC reports:

The meteor, which was reportedly 10 tons, cut a blazing ribbon across the horizon, leaving a long white trail in its wake that could be seen 125 miles (200 kilometers) away in Yekaterinburg. The Russian Academy of Sciences said in a statement that the space rock entered Earth’s atmosphere at a speed of at least 33,000 mph, according to the AP. Some authorities in Russia, however, have said that the event was a meteor shower, and not a single meteor.

The following amateur videos are, to say the least, shocking.

And the destruction was documented in an online photo album.

USA Today published an interesting Q&A on the topic, which may help clear up some misconceptions about meteorites.

This wasn’t Russia’s first encounter with a massive meteorite. On July 30, 1908, a devastating explosion occurred in the skies over Siberia with the strength 1,000 times that of the Hiroshima blast at the end of WWII. Today’s blast in Russia is now the second largest meteorite to hit earth. The 1908 event ranks as first.

A clip from the History Channel explains:

This is one random, black swan even that unfortunately cannot be prepared for. As Editor in Chief Morgan O’Rourke pointed out in a 2011 piece in Risk Management, “If a large space rock chooses to head our way there really isn’t much we can do about it, regardless of Bruce Willis’ formidable skill set.” Wired backs that up, stating, “All the advanced air defenses that humanity has invested in? The interceptor missile that are (sometimes) able to stop an adversary missile from impacting? The early-warning monitoring systems that are supposed to give humanity enough time to plan a response? They are useless, useless against a meteorite onslaught.”

No need for risk management here.