We have never seen a full-on cyber conflict rage across the world’s digital systems, but if the situation in Ukraine leads to such a thing, CIOs and CISOs will find themselves on the front lines. With escalation patterns uncertain and no “rules of the road” governing cyberwar, any organization risks becoming a casualty. Already, CIOs and CISOs are seeing their roles evolve and enlarge. Steve Cottrell, EMEA CTO at Vectra, discusses their transformational hour.
If events in Eastern Europe presage a protracted, costly conflict, not all combatants will be wearing military uniforms. CIOs and CISOs worldwide will play the parts of anonymous generals, defending their organizations from a barrage of fresh threats in cyberspace.
Already we see the Russo-Ukrainian conflict is in truth is a “hybrid war,” fought partly in muddy fields and rubble-strewn high streets, partly with potentially lethal lines of code. In February, before the kinetic war, Ukrainian critical infrastructure sustained DDoS attacks and destructive assaults from malware identified as WhisperGate and HermeticWiper, both attributed to Russia. Striking back, a global corps of hackers loyal to Ukraine apparently jammed Russian government websites and media channels.
U.S. President Biden is among Western leaders warning that cyberwar may well widen to include Russian attacks on critical assets associated with supporters of Ukraine: “It’s part of Russia’s playbook,” he said. Because we’ve never seen an all-out cyberwar before, there’s no settled view of how things could escalate. But trust me when I say it’s not outrageous to draw a line from hacking Kremlin TV to a malware attack on Heathrow or LAX. What is more, insurers of cyber victims are refusing to cover damages from cyber conflict.
All these factors, this state of virtual combat, elevate both CIOs and CISOs within their organizations -- at least, it should. For cybersecurity professionals who once neutralized comparatively small-bore mischief like MafiaBoy and Melissa, this hour is both disruptive and transformational.
Transformed CIOs are now part diplomat. They were likely already managing cloud migration initiatives and an evolved, distributed workplace. Now they will likely be liaising with sovereign governments on issues of cyber defense, technology control as it intersects with questions of national interest, and looming questions of who controls cyberspace. CISOs, meanwhile, will be not just authoritative technologists, but proactive strategists, people leaders, and evangelists for a fiercer organizational commitment to security.
Though insurance companies may be less than helpful, CIOs and CISOs are far from alone. “As the conflict escalates and cyber risks mount, Vectra AI wants to be part of the solution,” says our CEO, Hitesh Sheth. “We believe that together we can significantly reduce the risks associated with nation-state cyber-attacks.” Shortly after the start of hostilities in Ukraine, Vectra AI began offering complementary support and counsel to organizations feeling vulnerable.
In this uncertain moment full of questions, we believe supporting CIOs and CISOs is part of the answer -- not just to surviving the current crisis, but to the perhaps-permanent demands of an altered cybersecurity landscape.
Achieving a safer, fairer world is our long-term goal. Optimizing the influence and efficacy of CIOs and CISOs right now helps get us there.