On February 22, 2022, U.S. Department of Homeland Security Secretary Alejandro Mayorkas warned critical infrastructure organizations located in the United States of possible cyberattacks by Russian state-sponsored actors in retaliation for sanctions imposed by the United States in response to Russia’s invasion of Ukraine. While critical infrastructure, such as banks, power plants, water treatment facilities, transportation systems, healthcare organizations, and communication systems would undoubtedly be high-priority targets, businesses involved in the stream of commerce for these organizations should also be on high alert and immediately take measures to anticipate and defend against such attacks. These organizations include security software and service providers (recalling the SolarWinds attack), those in the food industry (including farmers, farming equipment, and food packing), and other industries that represent a significant portion of the U.S. economy or whose failure would have a significant impact on U.S. residents. Few industries are not in the crosshairs of a cybersecurity attack.
Developing a mature cybersecurity program could take months, if not years, and cost millions of dollars. Given the public warning and the history of state-sponsored cyberattacks, businesses that do not assess and prepare for the threat are not only vulnerable to such attacks but also are exposed to potential liability in civil actions if that vulnerability concerns consumer data. However, there are some measures that organizations can deploy immediately to help defend against this increased threat.
Even the most mature cybersecurity program cannot protect against all threats. Organizations that have a security program should take the opportunity to review their security measures and update them as necessary. For other organizations who may not yet have developed a cybersecurity program, the above measures may help reduce the likelihood of an attack from all threat actors, including Russian state-sponsored actors, and assist in responding if any such attack occurs. For more information about security measures that your organization can deploy or for assistance in responding to a cybersecurity attack, please contact any of the partners or senior counsel in Foley’s Cybersecurity Team. In the event of a cybersecurity incident, Foley’s cybersecurity team can be reached through our 24/7 cybersecurity incident hotline at (844) 4BREACH or firstname.lastname@example.org.
As the Russia-Ukraine war continues, so too do new business and legal implications for companies around the world. For more information on how to mitigate risk and protect your business, contact a Foley lawyer today.