Ukraine Proves Cyber War Has No Borders

Dark red technological map of the world with luminous dots, global information network on a digital screen

MSSPs are in a unique position to offer organizations increased security as the risk of global, nation-state cyberattacks is on the rise. Many businesses are not prepared to defend against advanced persistent threat (APT) groups who are well funded, proficient, and able to dedicate all their efforts to breaching security. However, companies can enlist the help of MSSPs who provide dedicated threat responders, automated response capabilities, and AI-driven cybersecurity tools to level the playing field. Full-time threat actors demand advanced cybersecurity solutions that offer 24x7x365 proactive defense, and MSSPs can provide for that need.

Recent events provide a prime example of how MSSPs can assist organizations facing cyber risks from formidable threat actors. The Russian incursion into Ukraine highlights a new era in cyber warfare that impacts individuals and organizations around the world. It represents a time when people can no longer rely upon their geographic location to separate themselves from conflict. While the conventional wars of years past were confined to specific locations, today’s battles are also waged across a digital space that encompasses the globe. This point was emphasized recently by Germany and Italy, who released separate statements cautioning users of potential cyber risks associated with Kaspersky software.

The warnings alerted users that the Russian government could pressure Moscow-based Kaspersky to perform cyberattacks, a scenario Kaspersky vehemently denies. Yet, this is not the first time Kaspersky Labs has faced allegations of collaborating with the Russian Federal Security Services (FSB). In 2017, Kaspersky products were banned from U.S. government agencies after the Department of Homeland Security accused the company of cyber espionage. In December of the same year, Britain’s National Cyber Security Centre (NCSC) also issued a warning against using Russian antivirus (AV) products.

The NCSC warning outlined the multiple dangers of using an AV vendor who may be susceptible to malicious influence. Specifically, the nature of most AV solutions requires that the software to be “highly intrusive” within the environment, in order to locate malware. The AV solution must also have a system to communicate its findings back to the vendor, in many cases across international boundaries. For these reasons, the NCSC advises organizations against using an AV company hosted in a foreign nation whose government may become hostile.

From a cybersecurity perspective, the current circumstances in Ukraine favor unscrupulous actors while placing legitimate organizations and citizens at a severe disadvantage. The global digital space is not a place of hard boundaries or easily verifiable national identities. Russia hosts many capable and historically active cyber threat groups. Recent evidence of this grim reality includes numerous destructive cyberattacks targeting institutions in Ukraine. Ukraine, for its part, says hundreds of thousands of IT specialists are assisting their own war efforts. There are also stateless actors, like Anonymous, who have entered the conflict and conducted successful operations against Russian email systems and news channels.

The increased cyber activity from nation states and hacker groups creates chaos that provides cover to threat actors worldwide. Advanced persistent threat groups (APTs) often copy the techniques, tactics, and procedures (TTPs) of other attackers to conceal their own identity. The conflict in Ukraine creates opportunities for APTs to mask their identities, deploy war-themed lures, and better obfuscate their activities while striking targets worldwide. This puts every organization, everywhere, at an increased risk of cyberattack.

Many organizations may be wondering if their legacy AV solutions are trustworthy and able to protect them against modern or nation-state attacks. They may be further concerned that replacing their current cybersecurity toolset will temporarily expose them to increased risks or disrupt operations. This presents an excellent opportunity for MSSPs to offer companies an effective cybersecurity replacement that can gradually be phased in with their current technology.

To that end, the BlackBerry Cybersecurity portfolio offers MSSP partners proven cybersecurity solutions that solve the issues of intrusive, antiquated AV products. BlackBerry deploys advanced artificial intelligence (AI) in multiple configurations, cloud-based and on-premises, to protect your environment, users, and data on a 24x7x365 basis. Our Cylance AI engine is trained on billions of file features, giving it the ability to detect and prevent both known and zero-day malware. Applying this same AI training process to indicators found in network, access, and human behavior patterns allows Cylance AI to recognize countless types of cyberattacks. 

MSSPs offering the BlackBerry Cybersecurity portfolio benefit their customers by providing tools to future-proof their environment at a low total cost of ownership (TCO). These savings multiply when one considers the average cost of a data breach was $4.24 million USD in 2021, while CylancePROTECT prevents 99% of cyberattacks. In other words, every failed cyberattack potentially represents millions of dollars in savings to clients. To further ease the migration to the BlackBerry Cybersecurity portfolio, we offer risk-free monthly billing and a 60-day free trial for new customers.   

Today’s business environment demands cybersecurity solutions customers can rely on to detect and prevent cyberattacks before they cause damage. If you would like to offer your customers a trusted, prevention-first, AI-driven platform, visit our BlackBerry MSSP Partners page today.

Guest blog courtesy of BlackBerry Cylance. Read more BlackBerry Cylance blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.