The mendacious justification that Russia was only deploying peacekeeping forces in to the “breakaway” Ukrainian regions of Donetsk and Luhansk is undermined by the brazen cyber attacks which have accompanied the invasion. “Peacekeeping” certainly does not involve the deployment of sleeper malware, deployed in the past two months, and activated at the same time that conventional forces attacked. The effects of the Russian invasion of Ukraine have the ability to touch all of us; and for tech companies even more so, through providing another catalyst for further component shortages – a problem which has dogged the sector for over a year now. Firstly we shall talk about global cyber risk; secondly the certainty of more component shortages.
The Russian cyber attacks have been wiping computers across Ukraine, with further cyber casualties reported in neighbouring countries. It’s not like the last wars we have participated in – in the Gulf, or the Falklands, we weren’t concerned for enemy action in the cloud – now it’s a core weapon, and as tech changes war, war accelerates tech. We know gas prices will be going up, but we should also expect websites to go down.
Cyber attacks aimed at any countries participating in sanctions or direct military response are to be expected. National infrastructure is at risk, with the concentration of the big hypercloud providers meaning an attack on a hypercloud hosting a bank or a power or water company, will have collateral damage – don’t be surprised when Spotify, Netflix or Fortnite stutter, for example, if they share the hypercloud location which is under attack. Given their ubiquity, a most devious attack would even try and use them as vectors, were it possible. Let’s hope it’s not.
This is the nature of cyber attacks and risk, where advanced persistent threats (APTs) both confront you from the outside, such as DDoS attacks, or secondary attacks inflicted on your network or service providers; and from within your own network, with attacks based on malicious content deployed through phishing, spoofing and suchlike. Apparently benevolent changes, from trusted updates with faked certificates, turn out to be Trojan Horses for malware. Used by the good guys and the bad guys, you may remember Stuxnet, deployed very effectively by the US and Israel to ensure the Iranian nuclear plants were shut down through infection of 200,000 computers, and consequently 1,000 centrifuge machines tore themselves apart; but this time it’s the Russian army with dedicated regiments which exist purely for these purposes. Cyber attacks are now an essential element of modern warfare.
The key to Cyber defence is thorough detection, rapid remediation, and future mitigation. Board responsibility for ensuring all risk mitigation needs to include cyber: and to do so through real time and constant monitoring, not based on monthly or annual reports, or lacksadaisical update environments. The NHS has historically been particularly at risk, due to its huge, fragmented, and bureaucratic nature, and was badly hit by the WannaCry Ransomware attacks of 2017 – due to unpatched versions of Windows 7, and the total absence, in some cases, even of anti-virus software. Easy pickings.
Risk visualisation is fundamental to risk assessment. Start-ups like RiskRevelation a private company I am involved with, demonstrate how old-fashioned penetration testing needs modern visualisation tools to give an overview of multiple sources of threat data. Typically the customer already has this data – but struggles to aggregate and visualise multiple sources. KRM22’s Global Risk Platform for Capital Markets has a dedicated cyber risk section as part of the core risks (Enterprise, Market, Compliance, Operational and Technology) which a board must monitor on a dashboard – it must not be just the domain of the techies.
There are myriad opportunities on AIM to invest directly in Cybersecurity, which also extends to the managed services stocks where cyber is the logical value add to network provision – to the extent that 6Degrees, a private company, now leads with cyber sales to deliver network services (info care of Megabuyte). If cyber isn’t part of a managed service provider’s offering, it will be left behind. We will resist a list of cyber security and managed services businesses – give us a ring if you want to discuss.
More damaging in the longer term, and a less well-known topic, relates to Ukrainian noble gas supply. Ukraine is a major supplier of neon, argon, krypton, and xenon, supplying nearly 70% of the world’s neon according to www.trendforce.com. Neon is used in the lithography process, which forms a fundamental part of semiconductor manufacture. While there has been some stockpiling, we should expect further reasons for global chip shortages with widespread consequences for slowing growth, or increasing input costs, across the whole sector. All software has to run on something.
Not a happy Tech Chat today. Sorry. Our thoughts are with the people of Ukraine.