Cybersecurity Insights from Ukraine: A Lesson in Resilience and Self-Reliance
In the ongoing struggle against cyber threats, traits such as preparation, resilience, and self-reliance are essential for cybersecurity professionals, as highlighted by former Ukrainian Foreign Minister Dmytro Kuleba. Kuleba, who held the position from 2020 to 2024, shared his insights during a recent engagement at Infosecurity Europe, where he recounted various wartime experiences that resonated deeply with attendees.
Kuleba began his discourse with a striking example that underscores the importance of swift incident response in the face of cyberattacks. He referenced the significant outage experienced by KyivStar, a major telecommunications company in Ukraine, which fell victim to Russian hacking efforts in December 2023. This incident serves as a compelling reminder of the unpredictable nature of cyber threats and the critical need for preparedness.
“You don’t know what and how it’s going to happen, but you can practice, brainstorm, calculate, and prepare so it becomes your muscle memory of how to behave in a crisis situation,” Kuleba articulated. His emphasis on readiness goes beyond mere planning; it involves a deep understanding of one’s operational environment and the cultivation of survival instincts within that context. This proactive mindset empowers organizations to react effectively, even when faced with unforeseen challenges.
Kuleba exemplified his philosophy by revealing that he and his team initiated "strategic planning" for a potential invasion well ahead of time, simulating scenarios where access to online communication tools might be compromised. This preparatory step was instrumental when the actual invasion occurred. “When [the invasion] happened, we evacuated our servers to a safe place abroad,” he explained. Interestingly, the response diverged significantly from the initial plan due to the high-pressure circumstances. Yet, the groundwork laid prior to the crisis enabled swift decision-making and action.
“If you care for your company, you have to prepare for the worst,” Kuleba urged, emphasizing that even if a crisis unfolds differently from expectations, prior preparation instills a sense of instinctive capability. The underlying message is clear: organizations that prioritize planning and preparation are better positioned to recover and thrive amid adversity.
Prioritizing Cybersecurity in Small Businesses
Kuleba also turned his attention to how cybersecurity gains heightened priority among even the smallest businesses in Ukraine, particularly as they navigate the unique challenges presented by the ongoing war. He detailed how Russian operatives have leveraged cyber tactics against Ukrainian officials and their families, employing CRM systems used by seemingly innocuous businesses—such as nail salons, gyms, and barbers—to build profiles on their targets. This insidious use of technology underscores the pressing need for all businesses, regardless of size, to invest in cybersecurity measures.
“If even CRMs can be weaponized, then even the smallest business will have to invest in cybersecurity to protect itself from such a breach,” Kuleba stressed, highlighting an emerging trend among Ukrainian business owners. The security of customer information and operational integrity is not just the responsibility of large corporations; it is increasingly becoming a necessity for small enterprises as well.
In an eye-opening revelation, Kuleba pointed out that the CRM software in question is often of Russian origin, offered to Ukrainian companies through attractive deals over the years. While it remains uncertain whether this connection has aided pro-Russian hackers, the implications are concerning. “Do not trust the products made by your potential enemy,” Kuleba warned. This principle fosters a mindset of self-reliance and caution, encouraging Ukrainian businesses to develop their own systems and tools.
Kuleba concluded his remarks on a defiant note, reflecting on the resilience demonstrated by the Ukrainian populace during what he termed the “worst winter in modern history.” Now, he asserts, Ukrainians are taking proactive steps to emerge stronger. “Resilience is not about being prepared to repair the disruption,” he articulated. “Resilience is your ability to keep repairing the wrecks as destruction becomes the new normal.”
In the face of relentless adversity—whether from cyberattacks, street violence, or a nation seeking to obliterate their way of life—Kuleba’s poignant message resonates: “Giving up does not bring relief. It does not bring the end to your suffering. It only multiplies it.” Through such reflections, he highlights the indomitable spirit of resilience that continues to characterize the response to crisis in Ukraine, serving as a valuable lesson for cybersecurity professionals worldwide.