10 March 2024

Ukraine and practical example of cyber resilience: tools and methods the world can borrow for information security

The resilience of Ukraine’s critical infrastructure in the face of active military operations, missile strikes, and constant bombardment exemplifies the country’s capacity to withstand cyber threats. In particular, the Ukrainian IT infrastructure has demonstrated remarkable resilience. In 2023, 1105 cyber incidents were recorded and processed by Ukrainian security analysts, an increase of 62.5% compared to 2022, as reported by the State Service of Special Communications and Information Protection of Ukraine. Therefore, let’s examine the critical elements that contributed to Ukraine’s ability to manage.


Relocation of cloud services and infrastructure overseas

A substantial proportion of Ukraine’s IT resources have been migrated to the cloud. This decision was driven by the need to consolidate all data in a single, easily accessible location. Imagine a hypothetical situation in which an employee is killed in a missile strike and the device in question contained critical data. Everything must be migrated to the cloud to prevent that kind of loss.

Furthermore, this approach is critical because there is no longer a centralized office or network at the primary location. Without a single physical hub, there is no one site whose destruction takes the organization’s information with it.

“Every IT infrastructure and application of an organization is migrating to the cloud.” Thus, the need to safeguard cloud computing and cloud-based applications is increasing. “On-premises physical IT infrastructure continues to diminish,” says Dima Hanzhelo, InDevLab’s CTO.

The optimal course of action for safeguarding valuable information was to relocate critical infrastructure data to foreign locations, such as Frankfurt or Dublin. The speed of this process was of utmost importance for Ukraine. In fact, transferring approximately 80% of its IT capabilities overseas in less than a year is remarkable for a nation with a population of 40 million. By moving operations to alternative geozones, an organization reduces the probability of being hit by attacks.


Workplace security and restricted employee access to corporate information

Significant corporations have encountered the predicament of compromised data due to corporate espionage and disgruntled employees. Limiting employee access to corporate information is an easy solution.


Management of session coordinates

In a separate instance, an employee’s privileges to access company information were compromised. Strengthening workplace security is imperative in this context. The importance of complex passwords goes without saying; and while two-factor authentication helps thwart a variety of intrusions, it is not a panacea. The optimal solution, according to the findings of InDevLab, is a system tailored to corporate accounts that defines “tunnels” in the infrastructure: each tunnel specifies the region, IP address, and location from which the employee is expected to log in. This gives the organization protection against external hazards and, as a result, intrusions. Implementing a policy wherein only authorized personnel are granted access to restricted data sets can effectively mitigate the majority of system breaches.
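As an added illustration of the per-account “tunnel” policy described above, here is example code written for this article (not InDevLab’s product): it pins an account to a set of allowed regions, source networks and locations, requires MFA, and reports every dimension on which a login attempt fails. The account name, region labels, network ranges and locations are constructed sample values.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass
class AccessTunnel:
    """Per-account policy: where a login for this account is expected to originate."""
    account: str
    allowed_regions: set[str]
    allowed_networks: list[ipaddress.IPv4Network | ipaddress.IPv6Network]
    allowed_locations: set[str]

@dataclass
class LoginAttempt:
    account: str
    source_ip: str
    region: str
    location: str
    mfa_passed: bool

def evaluate(tunnel: AccessTunnel, attempt: LoginAttempt) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). All failing checks are collected, not just the
    first, so the SOC log shows why a login was denied."""
    if attempt.account != tunnel.account:
        return False, ["attempt does not match this account's policy"]
    try:
        ip = ipaddress.ip_address(attempt.source_ip)
    except ValueError:
        return False, [f"unparseable source ip {attempt.source_ip!r}"]
    reasons: list[str] = []
    if not attempt.mfa_passed:
        reasons.append("second factor not satisfied")
    # Membership test is version-aware: an IPv6 address never matches an IPv4 network.
    if not any(ip in net for net in tunnel.allowed_networks):
        reasons.append(f"ip {ip} outside allowed networks")
    if attempt.region not in tunnel.allowed_regions:
        reasons.append(f"region {attempt.region!r} not permitted")
    if attempt.location not in tunnel.allowed_locations:
        reasons.append(f"location {attempt.location!r} not permitted")
    return (not reasons), reasons

# Constructed sample policy; 203.0.113.0/24 is a documentation range (TEST-NET-3).
EXAMPLE_TUNNEL = AccessTunnel(
    account="analyst01",
    allowed_regions={"eu-central"},
    allowed_networks=[ipaddress.ip_network("203.0.113.0/24")],
    allowed_locations={"Frankfurt", "Dublin"},
)
```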


Multilayer methodology

At present, many employees use their personal mobile devices to carry out work responsibilities. Regardless, separating personal and work devices remains essential. It is preferable for the organization to provide workers with the necessary equipment, on the condition that it is used exclusively for professional purposes.

The obligation to safeguard employee accounts rests with the employer. An internal security system that protects information can be built by following the Secure Access Service Edge (SASE) principle. This methodology rests on a multilayered approach that integrates data breach mitigation technologies including DPI (Deep Packet Inspection), DLP (Data Loss Prevention), antivirus software, and DDoS protection.


Cyber and informational sanitation

A considerable number of individuals have joined the effort in cyberspace since the start of the full-scale invasion, supporting the digital front and combating hostile information and psychological operations (IPSO), misinformation, and false news. The abundance of fake news and false information affects people’s mental health, worldview, and work productivity. The business and economic sectors are consequently flooded with an excessive quantity of misinformation.

During wartime, citizens quickly develop a habit of critical thinking along the lines of “trust but verify,” which aids in identifying credible information. In a recent instance of misinformation, cybercriminals distributed phishing emails to Ukrainian citizens purporting to originate from the Office of the President and informing recipients that “portions of Ukraine’s territory are being ceded to Russia.” The Center for Countering Disinformation rapidly detected and debunked this. Ukraine promptly identifies and debunks fraudulent messages.


The distinctive encounter of Ukraine

For example, within the first four months of the conflict the Russians used eight to ten distinct types of malicious programs or viruses intended to wipe stored data. The attacks specifically targeted nearly fifty institutions and enterprises in Ukraine. Momentary operational disruptions occurred in certain instances; however, they were quickly resolved. This attack was on an unprecedented scale, surpassing the quantity of malicious software that Russia had employed in the preceding six years.

Furthermore, information warfare manifests itself in various forms, including overt assaults, deepfakes, misinformation propagated by diverse factions, bot armies (e.g., the notorious “Hellish Flour”), and synthetic content that obscures the truth regarding particular stances on conflicts (e.g., photographs depicting fabricated explosions or artificially generated children possessing unnaturally extra fingers).

Currently, we are able to monitor information and events through open media outlets and analytical platforms (such as Voxukraine.org). Nevertheless, the proliferation of information is posing a growing filtering challenge. Therefore, the need to automate the verification of fact versus fiction, both for information warriors and for the creative side of information warfare, is already apparent. It is my hope that novel filtering tools emerge, capable of checking data for veracity and for the presence of synthetic content. Information hygiene has evolved from a nebulous notion to a critical requirement for efficient communication and business operations in Ukraine, mirroring the global trend toward the implementation of similar policies.

The practical experience of Ukraine demonstrates that it is possible to effectively execute adaptable and pioneering approaches within the realm of cybersecurity. These approaches can inspire the international community to invest in cybersecurity technology and expertise, as well as to foster greater cooperation in the exchange of information and provision of mutual support. Ukraine is ripe with the potential to emerge as a center for cutting-edge products and methodologies within the information and cybersecurity sectors.