U.S. President Joe Biden delivered remarks about Russia's military operations in neighboring Ukraine, saying the U.S. is "prepared to respond" if Russia pursues cyberattacks against American companies or critical infrastructure.
Source: Drew Angerer/Staff via Getty Images
The U.S. is preparing for Russian cyberattacks as the conflict between Russia and Ukraine escalates, a fact that may spur cybersecurity spending in the near term.
Tensions in Eastern Europe reached a boiling point this week after Russian President Vladimir Putin launched military operations in Ukraine on the evening of Feb. 23. U.S. President Joe Biden on Feb. 24 ordered sanctions to be levied on Russia's financial institutions, military and individual elites, following related moves from the United Kingdom and European Union.
Those sanctions could prompt Russia to respond with cyberattacks on U.S. financial entities and infrastructure, national security experts said, and analysts say the threat of such attacks will drive further investments in the security landscape.
"There is a growing concern that massive cyber warfare could be on the near-term horizon, which would certainly catalyze an increase in spending around preventing sophisticated Russian-based cyber attacks going after datacenters, networks, vulnerability points, and other highly sensitive data," Wedbush analyst Dan Ives, who focuses on tech stocks, wrote in a Feb. 24 research note.
The growing threat of Russian cyber action has underscored the need for organizations to bolster their security investments, Scott Kessler — global sector lead for technology, media and telecommunications at investment research company Third Bridge — said in an interview.
Kessler pointed to statistics from Microsoft Corp.'s October 2021 digital defense report, indicating that 58% of nation-state cyberattacks observed by Microsoft over the preceding year came from Russia and that such attacks have become increasingly effective.
"I think that people need to be prepared for not just physical attacks with conventional weapons, but also cyberattacks as part of that process," said Kessler.
Sales of security products have traditionally been driven by the presence of cyberthreats, said 451 Research analyst Eric Hanselman, and he expects that trend to hold true amid the current conflict.
"It's a situation where crises tend to motivate action in buying and cybersecurity. And it seems a reasonable case to make that that's what we'll be looking at as there's heightened awareness," Hanselman said. The cyberwar environment gives security companies a strong incentive to innovate and sell more enterprise-level products, he added.
Ives said the companies most likely to see higher sales in the near term are Palo Alto Networks Inc., Zscaler, Inc., CrowdStrike Holdings Inc., Tenable Holdings Inc., Varonis Systems Inc., Fortinet Inc., Telos Corp., Mandiant Inc. and CyberArk Software Ltd.
"With many high profile cyber security attacks coming from Russia over the past few years, it's a matter of when not if this increased cyber warfare activity kicks into the next gear," the Wedbush analyst said.
Likelihood of attack
Some national security experts agree Russian cyberattacks on U.S. infrastructure are likely.
"If this crisis plays out, there is not just a high likelihood, but a certainty of greater cyber activity, including targeting private sector actors," P.W. Singer, a senior fellow at New America specializing in 21st century warfare, said in an interview.
The degree and direction of the attacks, however, remain to be seen, he added, noting that the attacks may fall on either financial sectors or supply chains.
Others in the space note that the Russian government takes a calculated approach to cyber warfare.
Despite all its actions against Ukraine, Russia may not have an incentive to intensify attacks against U.S. cybersecurity targets right now, said James Lewis, senior vice president and director of the Center for Strategic and International Studies' strategic technologies program.
Russia has been careful to avoid anything against the U.S. that would qualify as use of force, namely the destruction of critical services or an event that would lead to civilian casualties, Lewis added. It means that, regardless of the intensity of U.S. sanctions, Russia might not want to take any unnecessary risks.
"They'll not do anything that makes it harder for them to manage what they gain in Ukraine," Lewis told Market Intelligence.
But with so much uncertainty around Russian thinking and plans, governmental organizations and private companies alike have to be prepared for unpredictable situations. Robert Lee, founder and CEO of Dragos Inc., said that these are moments when "low probability high consequence" attacks turn into "unknown probability" scenarios.
"We are in uncharted territory and we know that some states, especially Russia, leverage cyber operations in such times as a military and political tool that crosses the bounds of what our imaginations would hope are red lines," Lee said in an email to Market Intelligence.
The Cybersecurity & Infrastructure Security Agency last week issued a "Shields Up" alert in response to the growing Russian threat, indicating that "every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety."
The alert said organizations should be ready to detect unusual network behavior, as well as make sure all software is up-to-date and that all remote access requests are validated with multi-factor authentication, among other things.
Even if Russia does not directly attack large, global companies, there is potential for collateral damage against U.S. organizations that operate in Ukraine, do business with Ukrainian companies or have supply chain presence in Ukraine, Adam Meyers, senior vice president of intelligence at cloud security titan CrowdStrike, said in an email to Market Intelligence.
Meyers encouraged organizations to prepare and adopt a heightened security posture. "As the impact and reactions to the announced sanctions begin to take hold, the intentions of Russian threat actors may shift," he said.
One possible solution would be for companies to implement extended detection and response, or XDR technologies, into their security frameworks in order to protect against threat actors, said Scott Jasper, a senior lecturer at the Naval Postgraduate School in Monterey, Calif., and author of Russian Cyber Operations: Coding the Boundaries of Conflict.
XDR, which integrates multiple security protocols under one roof, would allow organizations to check for anomalous behavior inside a secure network, Jasper said. He cited Russia's 2018 attack on the U.S. power grid, which was achieved with no malware, but instead with just compromised credentials.
The president in a Feb. 24 press conference reaffirmed the U.S.'s readiness stance against Russian cyber operations.
"If Russia pursues cyberattacks against our companies or critical infrastructure, we are prepared to respond," Biden said. "For months we've been working closely with the private sector to harden our cyber defenses and sharpen our ability to respond to Russian cyberattacks as well."
Broader markets responded unfavorably to Russia's offensive, with multiple broader indices initially diving into correction territory Feb. 23 before recovering some losses following the announcement of new sanctions. The S&P 500 closed Feb. 24 down 1.4% for the week-to-date, while the Dow Jones Industrial Average closed down 2.5% for the same period.
By contrast, the S&P Kensho Cyber Security Index closed Feb. 24 up 2.5% for the week-to-date.
Article updated at 3:00 p.m. ET on Feb. 25, 2022, to include commentary from Dragos Inc.