Will your company’s decision and position on the Russian invasion of Ukraine or its continued presence in the Russian market (or exit from this market) carry with it the prospect of retaliation? The answer, unfortunately, is yes. Decisions, even the decision to do nothing and straddle the fence, carry consequences. Even if the consequences are wrong-headed, unjust and unwarranted, individuals, governments and organizations will make their own interpretations.

I’ve spoken to the disruption in supply chains, to threading the needle on exiting or not exiting the Russian market due to Russia’s invasion of Ukraine. In addition, the U.S. government’s effort at outreach to ensure companies have the opportunity to digest and implement advisories being issued by CISA has reached a new level of both urgency and frequency.

Supply chains to and from Russia are disrupted by both the sanctions levied upon Russia and the decisions of airlines and sea freight companies to exit the Russian market. Some companies have opted to press on, while others have seen their brand banned from Russia and look-alikes pop up (as is the case with both McDonald’s and Instagram).

Even within the criminal world there have been divisions. Individual criminals taking one side over another has resulted in internal rifts after hanging the internal laundry in the proverbial front yard.

For example, a Ukrainian researcher began publishing files from Conti, a Russian/East European syndicate of cybercriminals. The internal files from the organization include references to the criminal entity being associated with the Russian security apparatus, a claim previously made by the United States. His rationale?
“I cannot shoot anything, but I can fight with a keyboard and mouse.”

Meanwhile, Jeffrey Carr, in his March 22 piece, D-day in Kyiv, discusses his efforts to assist the Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) and the expansion of its capability to leverage open-source intelligence (OSINT). He went on to share how satellite provider ViaSat had been taken down via a cyberattack on the morning of February 24. Hours later, GURMO had begun its counterattack against Russian entities.

This is in line with, though apparently unassociated with, previously discussed steps being taken by the Ukraine government to put together a cadre of information technology professionals to conduct offensive operations. Subsequently, the government of Ukraine noted that it now has over 3,000 participants and is targeting cyberattacks against entities in Russia (public and private). In late March, the Ukrainian Ministry of Defense doxed over 600 Russian officers from within the Federal Security Service (FSB) on the Ukrainian MOD website.

Risk of cyber retaliation is real

There should be no doubt that there is a cyber domain to the conflict. More importantly, the potential for being directly affected is real.

Trellix, together with the Center for Strategic and International Studies (CSIS), issued a report that highlighted how companies are outmatched by nation-states.
This hypothesis makes sense given businesses are resource-constrained and governments are less so, and the results of their survey bear this out:

- Access to consumer data was the motive for state-backed cyber incidents for 48% of respondents who believe they have been the victims of a state-backed incident.
- Only 33% of organizations reported reaching out to their customers to disclose a cybersecurity incident.
- Forty-six percent of respondents believe the personally identifiable information (PII) they hold from their customers is one of the main factors for which they would be targeted in a future cyberattack.
- Forty-one percent of respondents believe the PII they hold from their employees is one of the main factors for which they would be targeted in a future cyberattack.

No surprise, the key players are those identified in the most recent ODNI Annual Threat Assessment: Russia, China, Iran and North Korea.

There is no letting up on the war of words.

Russia has taken a page right out of the playbook being used to get the word out on the state of affairs in Ukraine to the general public of Russia with mass SMS and robocalls. In the United States on March 28, Verizon subscribers began receiving SMS messages with embedded links which took the unsuspecting to a Russian media or website. Verizon, responding to The Verge, confirmed it is working to block the spam messages.
While in this instance the recipients were receiving SMS messages ostensibly from themselves, it doesn’t take a rocket scientist to see the point of origin could have spoofed service providers, vendors, or businesses in an effort to discredit or otherwise negatively affect their ability to conduct commerce.

Employees as hacktivists a risk

Then we have the insider to think about. I spoke recently with DTEX Systems’ senior vice president of engineering and cyber intelligence, Raj Koo, and the company’s director of security and business intelligence, Armaan Mahbod, on how the Russian invasion has affected the risk quotient to companies from their insiders. The issue is no longer a hypothetical. Indeed, Koo notes, “We’ve seen an uptick where company’s employees are generating a huge amount of risk – in particular when using corporate resources for ‘hacktivism’ from within the corporate network.”

Mahbod adds, “DTEX has seen an uptick by individuals who are unhappy with their employer’s decisions and have acted. For example, doxing their boss for taking a position, which they disagreed.”

CISOs key communicators to explain company decisions

CISOs are in a unique position of being able to communicate directly to the employee base and highlight the risks of external cyberattacks and misuse of company resources in a straightforward manner. Communication and awareness are key. Prudence tells us that explaining to the employee base why an unpopular decision was taken may well reduce the likelihood that an insider who may disagree with the decision will evolve into an insider with a malevolent bent.

On the other side of the coin, as evidenced by the cyberattack against ViaSat, those who are providing goods or services to NATO, European Commission and U.S. governmental entities may also find themselves receiving more than the usual amount of attention from Russian cyber entities.
As detailed in the recent CISA Shields Up alerts, companies engaged in infrastructure are firmly within the targeting matrix of Russia.