Matthieu Garin
Matthieu Garin

Given that Ukraine is a key global delivery location for IT and engineering R&D services, the conflict has introduced widespread uncertainty and significant concerns for companies operating in the country and the region.

With an imminent risk of cyber attack and a potential breakdown of internet and telecommunications systems in Ukraine, and of cyber attacks spilling over and causing collateral damage in neighboring countries, many clients have reached out asking about urgent cyber actions to put in place.

The more your company has ties with Russia or Ukraine the more it concerns you. But even if it doesn’t, there are still some crucial steps to take.

7 Urgent Cyber Actions for Companies to Take


Hunt down and monitor all available indicators of compromise (IoCs) on current or recent cyber attacks (e.g., HermeticWiper, Whispergate, IsaacWiper, etc.)

Hunt and monitor all known IoCs for groups that have publicly indicated their support for Russia (e.g. Conti, Sandworm, Red Bandits, Stormous, etc.)

If not done already, deploy endpoint detection and response (EDR) on workstations and servers – it remains the essential tool to prevent a myriad of attacks. Now is the time to step up.

Set up the discussion with your top management to keep versus replace Russian security tools. It is obviously a cyber risk issue, but also think about the ability to maintain the tools with the sanctions. You could risk not having any EDR in 2 weeks!

Some customers are actively working on disabling all privileged accounts used in Russian perimeters (at least enhanced monitoring). But do consider the message you will send back to the employees by doing so.

At the very least, anticipate the need for network isolation of Russian and Ukrainian entities. This means creating a red button that can be activated in a few minutes (e.g. routers, firewalls).

Assess the risk of a compromised active directory (AD) on Russian perimeters. In case it is too interconnected with the Group, AD isolation should be considered, which is a very complicated topic.

In the longer term, we already know this conflict will have a huge impact on cybersecurity models. We will have to consider digital borders within companies, which means less interconnected information systems (IS), which are easily isolable. It may be necessary to work by “allied block,” following geopolitics very closely.

Every company will have to integrate digital sovereignty into its strategy.


Let our cybersecurity experts support you in assessing your company’s cyber risk profile and upgrading your cybersecurity strategy.


Matthieu Garin

Matthieu is a Partner within the Cybersecurity and Operational Resilience Practice, Wavestone Global. He is in charge of business development, major engagements, and complex bid management in the UK and France. He has extensive knowledge and expertise in new security models, ensuring digital transformation while reducing risks, and identifying the smartest approach to compliance with laws, regulations, and industry standards.

5 Actions to Improve Your Data Loss Prevention Efforts

May 26, 2022

Take care of these five factors to ensure your data loss prevention efforts succeed, prevent data leakage, and protect your critical and sensitive business data.

Losing the Cyber Talent War? Try These Moves to Get Back on Top

May 18, 2022

Learn about the critical moves that HR must make in the hiring, training, retaining, and upskilling of cyber talent necessary for a robust cybersecurity strategy.

Have a Question? Just Ask

Whether you're looking for practical advice or just plain curious, our experienced principals are here to help. Check back weekly as we publish the most interesting questions and answers right here.

Ask Wavestone