Along with my colleagues across Freeths (and indeed in the wider UK legal community) I have been deeply shocked and saddened by the reprehensible and indefensible actions being taken by the Russian government in invading the Ukraine. Our thoughts are with all Ukrainians, their friends and families and all those who tirelessly work to provide aid and support.
The sense of solidarity that we feel for those in the Ukraine doesn’t only stem from our common humanity – it is a distressing fact that even while the physical conflict might be contained within the borders of one country, modern warfare can have international, and potentially even global ramifications through the impact of virtual conflicts and in particular automated cyber-attacks. As noted in the linked article, it has been a somewhat surprising characteristic of the current Russian invasion that it has not been accompanied by the sort of wide-ranging (and indiscriminate) cyber-warfare that has been seen in other recent attacks.
There may certainly be some truth to the fact that Putin thought he could just march into town squares and declare victory and was therefore not focusing too much attention on disabling communication links. But many businesses are anxiously reviewing their cyber-security arrangements, having learnt the lessons of recent history. In 2017 a cyberattack was instigated against Ukraine (almost certainly by Russia) using the NotPetya ransomware. Although this seemed to be an attack which was intended only to target the Ukraine, the malicious software was too effective, and rapidly spread to affect companies globally, including law firms and other businesses with Ukrainian links in the UK.
The ransomware was introduced via a Ukrainian tax preparation programme. The developer of that software was later at risk of being found criminally responsible for enabling the attacks because they had failed to maintain the security of their servers. Since then cyber-security capabilities have come on leaps and bounds, driven in part by the increased emphasis on security and integrity of data under GDPR. But that said, it can be too easy for compliance still to be neglected, misunderstood or considered unimportant compared to other commercial demands. The current conflict is only the most recent reminder of the importance of taking the security of data seriously, and the risks that can be posed by conflicts wherever they may be physically taking place.
If you or your business are concerned about the impacts of the invasion of Ukraine, whether in relation cyber-security, the effect of sanctions, or the practical impact on supply chains, Freeths has published some freely available guidance on our Ukrainian Crisis Exchange: Ukrainian Crisis Exchange - News & Guidance - Freeths Solicitors, or you can contact us at any time.
We don’t know the full extent of the damage done by cyberattacks against Ukraine during the past week, amid the unprovoked invasion and barbaric military assaults by Russia. But judging by the statements of people who actually would know, the cyber strikes against Ukraine so far have, unfortunately, been worse than the public realizes.