The UK government’s announcement that the Russian military intelligence service GRU is behind a string of cyberattacks has rocked the world of politics. But with Russian cyberattacks unlikely to slow in pace and seriousness, businesses need to take note.

The announcement, which has been described as “unprecedented” by cybersecurity experts, saw the UK government point the finger of blame firmly at GRU, with the UK’s National Cyber Security Centre (NCSC) identifying with “high confidence” a string of attacks that the intelligence service was “almost certainly” responsible for.

These included the 2016 hack on the US Democratic National committee, and the 2017 release of confidential medial files of high-profile athletes.

The NCSC accused GRU of “indiscriminate and reckless cyberattacks targeting political institutions, businesses, media and sport”.

Hours later, the US appeared to back the UK government’s position by changing seven Russian intelligence officers over a string of cybersecurity attacks.

Russian cyberattacks announcement: unprecedented confidence or just another tactic?

In making the announcement this morning, the UK government positioned itself as a moral superior to Russia, with Foreign Secretary Jeremy Hunt calling the country our for “reckless and indiscriminate” behavior.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“These cyberattacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport,” he said.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

For some cybersecurity experts, this overt calling out of something that has long been known to happen was a sign of certainty from the UK.

“It is unprecedented that the government should so overtly point the finger directly at the GRU. They must be very confident of their facts, either due to some sort of technical ‘fingerprint’ in the attack vectors themselves, or perhaps through corroboration from various other intelligence sources,” commented Malcolm Taylor, former senior British intelligence officer and director of Cyber Advisory at ITC Secure.

However, others were more skeptical of the announcement.

“This coordinated rehashing of hacks that have previously been attributed to Russia is nothing more than a political stunt to make it appear to certain domestic constituencies that governments are taking the Russian cyber threat seriously,” said Ross Rustici, senior director, intelligence services, Cybereason.

“The NCSC report is akin to a sports team’s game tape: here are all the plays Russia has run in the last two years that they have been successful with.

Far more to come from Russia – and the West needs to step up its game

While the announcements are playing out in the press as an apparent line in the sand, cybersecurity experts do not believe it will do anything to mute Russian cyberattacks.

“This latest round of public announcements is going to do little to influence how Russia operates,” said Rustici.

“The fact that almost everything that is being discussed today is a demonstration of Russia’s effectiveness in this space only shores up their confidence in using these techniques as a way to influence and undermine European and American preferred outcomes.”

Concerningly, many feel that Russia remains superior to the West when it comes to cybersecurity capabilities. Rustici argues that it is this that the US and UK should be focusing on improving, rather than making a show of standing up to Russia.

“There is no indication that the collective US/UK governments have evolved their defenses faster than the Russians have changed their hacking methodology,” he said.

“It is unlikely that Russia will change its operations because, fundamentally, they have been resoundingly successful.”

The West’s failure to act

Furthermore, he argued that the failure of Western nations to agree upon acceptable rules of engagement has actively contributed to the current situation, in part because the UK, US and their allies also wanted to keep their ability to engage in cyberattacks. The result is an unchecked situation where businesses find themselves in the firing line.

“The UK’s attempt to cast Russia as a malign international actor falls into the category of too little too late,” he said.

“There are no norms when it comes to acceptable use of cyber capabilities. Each country has its own definition of what it will tolerate and what it won’t.

“The United States and its allies failed to create a consensus around the acceptable use of cyber capabilities by countries, in part because they wanted to preserve their own freedom of action in this space. Now, it is too late to put the genie back in the bottle and we all must suffer the consequences of an unrestrained cyber capability.”

Businesses in the firing line

For both Russian and Western businesses, there are reasons to be concerned over the bubbling cyber warfare, with Jeremy Hunt warning that Russian businesses were also being harmed.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” he said.

This can be seen in Russian cybersecurity provider Kaspersky, which has lost considerable western business over the past year.

For Western businesses, this is a wake-up call about the fact that cybercriminals are not the only threats waiting in the digital world.

“The mention of western businesses as targets should also be a reminder that foreign intelligence services do engage in commercial cyber espionage and we all need to take appropriate steps to manage that risk,” said Taylor.

It also indicates the need for businesses to work with other groups, including the government, to ensure their safety.

“Today’s announcement by the UK government highlights a growing need for public and private sectors around the world to work together to detect, defend and dissipate the rising volume and ferocity of cyberattacks,” said Bill Conner, CEO of SonicWall.

“Countries and organisations alike must prioritise the protection of their critical infrastructure, elections, energy supply chains, intellectual property and financial systems from those seeking to exploit them in this cyber arms race.”

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up