When the world learned that Russia had invaded Ukraine in late February, outside observers expected a heavy dose of cyberattacks to play out in the invasion\u2019s tactics. But to many people's surprise, the cyber-attacks have been limited and targeted rather than widespread. Russia certainly has demonstrated its cyber power and capabilities in the past; a key example was the 2016 incident in which Russian hackers took out Ukraine\u2019s power grid. \n\nSo why hasn\u2019t Russia madelarge-scale cyberattacks a top priority over the last five weeks? \n\nWe know that the GRU (aka Russian Main Intelligence Directorate, not the character in Despicable Me) was involved in the Disruptive Denial of Service (DDoS) attacks against the Ukraine financial sector in mid-February. Another cyberattack, as reported by The Washington Post, hinted that Russian military spy hackers attacked a key satellite broadband service. According to U.S. intelligence experts, this cyberattack did cause a disruption in Ukraine\u2019s military communications efforts last month.\n\nAre more cyberattacks coming?\n\nIn preparation for an escalation of cyberattacks on U.S infrastructure, the White House put out a statement that suggested Russia could conduct malicious cyber activity against the United States. The White House urged each at-risk U.S. company to \u201charden its cyber security defenses \u2026 to strengthen the cybersecurity and resilience of the critical services and technologies Americans rely on.\u201d \n\nDespite these fears and expectations, little serious activity has occurred. One reason is the Russian government and military assumed that victory would be straightforward and swift, and physical force would be the only means necessary. As a result, cyberattacks, and their complex planning and implementation, would not be required. \n\nA second scenario is that even as the war has dragged on, restraint in the area of cyber warfare has prevailed. A major Russian cyberattack against the U.S or NATO would potentially lead to engaging these formidable forces in a much more meaningful way. \n\nAnother school of thought is that our defenses are actually better than many people assumed. Beyond the U.S. and our NATO allies, even the Ukraine\u2019s defenses are much more solid than they were six years ago. Ukraine spent time and money to shore up its cyber defense structures in the aftermath of their past experiences with Russian hackers attacking their power grid in 2016. \n\nSome have also speculated that the crowdsourced force of cybersecurity talent both inside and outside of Ukraine have helped provide a level of protection against Russian attacks. At the same time, we know that a large number of hackers have come together to aid the Russian effort. \n\nIt is this group of unorganized, decentralized, hackers that have likely created the most activity over the past month and a half, and will continue to do so. However, it is the organized, advanced cyber weaponry of a government-backed entity that could create the greatest damage. And it isn\u2019t just Russia we should be looking at, considering there is evidence to suggest China coordinated hacking attempts on over 600 websites belonging to the defense ministry in Kyiv along with medical and education institutions leading up to the invasion.\n\nMany experts would say that more attempts are still coming, that advanced attacks take extensive planning, coordination, and implantation time, and that they are still being formulated against us.\n\nSo no matter which scenario or scenarios hold true, CISOs need to stay more vigilant than ever to protect against these threats emerging from both the hacker community and government-backed organizations.\n\nProtect the network and cloud systems\n\nPlanning for a potential worst-case scenario is always top of mind for those who work in security roles \u2013 now more than ever. While there are many attack vectors, one logical and straightforward strategy would leverage compromised credentials from key employees of your organization. The adversaries have unfettered access to your systems and can go after your internal or cloud-based infrastructure, taking it offline. \n\nHow can you better protect your firm against such an attack? Consider these four practices:\n\nSeveral different industry organizations are involved in data sharing, like IT-ISAC and ISAOs, but this activity can also take place on a more grassroots level. For example, you can set up a private Zoom call with a few peers in the industry to share information. You\u2019ll be surprised with the knowledge you\u2019ll gain and how eager some are to share what they know in this area. \n\nSome experts have called for more (or less) government intervention in cybersecurity matters. However, I think that\u2019s a topic for another article. \n\nIn the meantime, we as industry leaders need to step up our corporate defenses and keep tabs on our partners for new and evolving security risks. It can only help us as information architects to build the most powerful framework against any possible cybersecurity risks.