What President Joe Biden’s Russia Sanctions Mean for U.S. Tech
The SolarWinds hack that was revealed in December is one of the most recent high-profile indicators that cyberattacks continue to pose a threat to companies, organizations and governments the world over. On April 15, President Joe Biden announced sanctions to penalize Russia for its suspected role in the cyberattack — and the resulting implications could be significant for technology companies.
This hack was perpetrated by fairly sophisticated hackers who gained access to certain U.S. government data and many large organizations by attacking SolarWinds, a software and IT service provider for the end-target (in this case, the federal government). While the full extent of the hack is still being investigated, initial reports from the U.S. government estimate that approximately 16,000 computer systems were affected. The April statement from the White House said that the U.S. intelligence community has “high confidence in its assessment” of attribution to the Russian Foreign Intelligence Service.
The new sanctions bar domestic financial institutions from purchasing Russian sovereign debt issuances. Additionally, Biden announced sanctions against six Russian technology companies: Positive Technologies, AST, Neobit, Pasit, SVA and ERA Technopolis.
The Implications for U.S. Tech Companies
These are the first U.S. cybersecurity retaliation sanctions of their kind against Russia, and the implications are important because technology companies aren’t able to fight global cybersecurity wars on their own. The sanctions also impose economic penalties for Russia, which could make the country think twice before a future cybersecurity attack on the United States. Following these sanctions, Russian 10-year yields fell, as highlighted in red in the chart below.
In the face of threats from sophisticated hackers, the ability of a technology company to secure its data is paramount — and this is even more crucial given the continued digitization of the economy. But there are limits to what a technology company can do to secure its data, which is why the government stepping in with these sanctions is important for the continued growth of U.S. technology companies. The headline risk of a cybersecurity breach for a technology company is significant. The sanctions against Russia could be a playbook for the U.S. and how it chooses to handle any future attacks by other countries as well.
U.S. Companies Must Beef Up Cybersecurity Practices
Even though cybersecurity software might not be able to protect an organization from the most sophisticated of cyberattacks, tech companies should ensure that their cybersecurity measures are continuously evolving to keep up with the changing threat landscape.
Phishing awareness training for employees, upgrading cybersecurity protocols and assessing new risks that stem from more employees working remotely are all of utmost importance. Many companies continue to migrate their data from on-premises servers to the cloud, which can enhance data security, and in recent years more businesses have taken out cybersecurity insurance policies.
But the SolarWinds hack also highlighted the importance of understanding how a tech company’s customers might heighten the cybersecurity risks for the tech company itself; if hackers are after data from high-profile end-targets such as the U.S. government or other prominent entities, tech companies need to make their security systems more resilient if they are going to effectively serve such customers. Companies across all segments of the economy need to protect their data, but the tech sector is unique in terms of the vast amounts of customer data companies in this space have access to. This makes some tech businesses highly attractive targets for hackers.
5 Ways for Companies to Protect Their Data
Much in the same way that companies need to assess the risks of third-party vendors they work with, tech companies that provide such third-party services need to be vigilant about how this work can raise their risk profile. Here are five things tech companies should do to protect their data.
Assess your data. Technology companies need to understand how data is stored within the organization and what preventative measures the company has in place to protect the data from cybercriminals. Technology companies grow and evolve quickly, so it is especially important to ensure that the policies they have in place to mitigate the risk of a cyberattack are robust.
Consider cyber insurance. Nowadays, it is often not a matter of if a company will be a target of a hack, but when. While a cyber insurance policy can’t reduce the headline risk of a hack, it can help remedy the situation when it happens. Because not all cyber insurance policies are the same, it is important for tech companies to carefully evaluate their policy options to ensure they find one that meets the scope of their needs.
Train your people. While C-suite level employees and other more senior executives might more often be targeted by a cyberattack, training on good cybersecurity hygiene is important for employees of all levels. Periodic training in this area can help keep the topic top of mind for everyone.
Move to the cloud. For years now, cloud platforms have provided a secure and effective data storage solution for technology companies. Adobe was one of the first technology companies to migrate to the cloud back in 2014. Ever since then, more and more technology companies have been making this shift away from storing data on-premises and instead seeking out the greater security benefits of the cloud.
Plan to respond. How does your technology company respond to a hack? Rather than waiting for a hack to find the answer to this, now is the best time to plan for what the company’s response will look like. Effective planning on this topic can help a company react swiftly to a hack, quickly determine the extent of the hack and remedy the breach.
All of these actions should be foundational in the way technology companies operate to steel themselves against cyber threats. Even with such measures in place, however, companies can still fall prey to highly sophisticated hackers like those involved in the SolarWinds breach. It’s for this reason that Biden putting sanctions on Russia is a meaningful move in support of U.S. tech companies and the U.S. economy more broadly.