
How enterprises can mitigate risk during the Russia-Ukraine conflict

Map of Ukraine.
Image Credit: omersukrugoksu

As the conflict between Russia and Ukraine rages on, organizations worldwide are starting to feel the impact. Not only is the global economy in a state of uncertainty, but the conflict has triggered a global supply chain shortage, with 25 countries dependent on Russia or Ukraine for exports including wheat and muslin, coal, petroleum gas, barley, crude petroleum, and maize.

As the rapidly escalating conflict threatens to cripple the global supply chain and give rise to new cyberthreats, organizations need to be prepared to mitigate risks, both in terms of supply chain shortages and in terms of enterprise security.

The semiconductor shortage 

One of the biggest disruptions that enterprises need to be prepared to address is the semiconductor shortage. Experts expect a microchip shortage because Ukraine supplies 90% of the U.S.’s semiconductor-grade neon. This means any organization that relies on semiconductor circuits will be at risk of shortages.

The semiconductor shortage wasn’t triggered by the Ukraine crisis but by the COVID-19 pandemic, which ground supply chains to a halt. However, given the prolonged stress in the industry, it’s unlikely that the semiconductor shortage will be averted by the end of this year.

As a result, organizations are under pressure to respond if they want to minimize business disruption. 

KC Quah, senior director analyst for Gartner’s Supply Chain, recommends that in the short term, organizations can opt to pay a premium for semiconductors or use distributors and brokers to obtain supply. 

In the long term, Quah recommends redesigning products with more accessible common components, moving to logic ICs, and co-engineering with other brands to decrease reliance on semiconductors. 

Implementing risk management against cyberattacks 

In the face of this instability, Gartner’s chief of research, Chris Howard, recommends that enterprises gather subject-matter experts from operations, finance, IT, supply chain, human resources, legal and marketing to identify investments and controls to manage threats and impacts.

One of the most significant threats is that of cyberattacks. While many of the impacts of the Ukraine conflict are difficult to predict, Ukraine and the U.S. have already fallen victim to cyberattacks perpetrated by groups associated with the Russian state in the run-up to the invasion.

With organizations like the U.K.’s NCSC warning enterprises about the risk of Russian cyberattacks, it’s safe to assume that a wave of new digital threats will emerge throughout 2022.

One of the simplest ways that enterprises can manage the risk from these new cyberthreats is to leverage threat intelligence that’s customized to their organization.

“Expect attackers to leverage the situation as content for already-known attack techniques such as targeted phishing. Focus on what you can control. Increase awareness and vigilance to detect and prevent potential threats, but be mindful of the heightened stress and pressure your organization is feeling,” Howard said.

The Chinese data security law 

To make matters more complicated, the Chinese data security law, which came into effect in September 2021, has also imposed new regulations on how organizations can store and transfer data, with a complex framework that determines what data can be collected and stored according to a classification level. 

The law’s requirements are another source of disruption for enterprises, as non-compliance can lead to Chinese authorities imposing fines of up to 500,000 yuan ($79,142.72 USD) and demanding remedial measures.

It’s worth noting that if an organization fails to comply with these measures or suffers a data breach, it faces a much more severe fine of up to 2 million yuan ($316,570.90 USD).

So while organizations get to grips with new cyber threats, they need to be aware that there’s less margin for error when protecting the data of Chinese citizens. These regulatory requirements add to the long list of requirements that organizations have to address in the post-GDPR era.