IT Security in Conflict Zones is complex
When numerous small organisations or large private organisations face cyber-attacks from state-backed criminal hacking-groups a lot of harm can be done. These can take the form of supply-chain attacks such as the worldwide damage Solarwinds experienced, or targeted attacks on infrastructure such as Ransomware or Phishing attacks.
Ransomware and Phishing attacks can be done in high volumes and at scale, targeting particular industries or types of businesses. Key-stakeholders within a business are often juicy targets for cyber-criminals because of their increased presence in business circles and the nature of having to be accessible in order to run a business.
Modern businesses operate 24/7, email systems are often publicly accessible and end-user devices and servers especially have high-uptime – meaning they are also at risk of external actors intending to cause you harm.
Good security can still be achieved in complex environments
Many organisations are able to work successfully in complex environment, achieving a multi-layered security model at a competitive price. It is also the case that you do not need to run a governmental organisation in order to achieve great things in conflict zones.
Being practical about risk, identifying and planning for the core operations and securing those systems before going into business in conflict zones is critical. Without any planning or visibility of your systems you will be unable to run a business securely, and with heightened risk in the cyber domain this will in turn prevent you from running a business at all.
Many large organisations effectively self-insure on cyber security risks despite holding sensitive information about staff and customers, this is a major failure of leadership and will cost even the smallest businesses tens of thousands of pounds in lost business and reputational damage.