Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

A Ukrainian Company Shares Lessons in Wartime Resilience

The CTO of MacPaw provides a case study in planning for cybersecurity and uptime in the face of armed conflict.

8 Min Read
The gothic cathedral of St. Nicholas in Kyiv, Ukraine on a sunny summer day, with one big cloud in the blue sky
Source: GpPhotoStudio via Alamy Stock Photo

Preparing a company and its employees for resilience in an area of potential combat takes a level of preparation and planning beyond the typical business continuity planning. Not only are there elements of physical safety to consider, but in these modern times adversaries are also likely to wage cyberwarfare against companies in targeted regions.

Dark Reading recently caught up with a technology leader who is living this reality in Ukraine. As the CTO of MacPaw, Vira Tkachenko has been an integral part of the executive team tasked with keeping the Kyiv-based software company profitably running through the turmoil of the past two years. Headquartered in Ukraine but with offices in the US and other parts of Europe, along with distributed workers worldwide, MacPaw is an international firm that develops utility and security software for macOS and iOS users. It's best known for its CleanMyMac and Unarchiver apps.

In late 2021, Tkachenko and her colleagues at MacPaw were closely following news and intelligence sources to keep tabs on the risk of war, and they started to seriously develop contingency plans.

"We saw satellite images with military vehicles and all this preparation, and we started considering that we need to do some preparation," she explains. "So we had some plans before the actual outbreak in February 2022. Speaking truly, we hoped nothing would happen and thought it wouldn't happen — because it's 2022 and it shouldn't be like this. But it did happen."

It has been 20 months since the full-scale Russian invasion of Ukraine, and MacPaw remains operational and continues to develop and support software for customers worldwide. Approximately two-thirds of the company's workforce is still in Ukraine.

Tkachenko shares here some of the details of how she and her team have navigated through these past months. Her experiences offer fellow security leaders in other hot zones insights on how they might want to think about wartime cyber resilience.

Create an Emergency Team

Around two months before the actual outbreak, MacPaw created a special group, mostly comprising executive team members like Tkachenko, plus stakeholders from information security, general IT, product teams, and finance. The goal was to get a well-rounded task force that could do scenario analysis and think about ways to mitigate the biggest risks — essentially, threat-modeling the business for wartime — to keep critical systems operational.

"The emergency team was two people from each product and people from the finance team, some people from the infrastructure team, and from IT, and two people from information security," she explains. "And for those people, they were aware that this is their new responsibility, and we ask them if ... it's possible to maybe leave Ukraine or move to the west of Ukraine to be in more safe areas."

Set Your Priorities

From the outset, MacPaw prioritized the physical safety and security of employees above all else. Overlaid with that, though, was the understanding that while customers may empathize when a company takes the brunt of adverse situations, they typically still expect to receive the services that they paid for. If a company is unable to deliver — be it because of floods, earthquakes, or acts of war — employees and the organization suffers twice, first from the initial destruction of unfolding events and second from the existential threat to business viability in the long run.

"Our first business priority was the safety of our team," Tkachenko explains. "But our first information security priority was for our customers. They care what happens because it's war, and it's a huge deal. But still, they expect that the services they bought should operate."

Harden Your Headquarters

While most of the preparations Tkachenko describes here are about technology resilience, because of the company's focus on employee safety it's important to note that one of the first fundamental preparations the emergency team made was for logistics on the human safety side. MacPaw prepared emergency bags for personnel that included first-aid kits, sleeping bags, and even food if they needed to evacuate or shelter in place at the office.

The Kyiv headquarters was identified as the company's main resilience spot. The firm put in place a powerful diesel generator, secured emergency water supplies, and prepared for employees to potentially shelter in the office should shelling make it safer to be there than at home.

Bolster Power and Connectivity Options

As the emergency team surveyed the potential risk scenarios, they quickly saw that as an IT company, the biggest vulnerabilities were in losing Internet connectivity and power. In addition to the diesel generator for headquarters, the company also provided strong backup power stations for people occupying critical roles, both in and out of the office, to ride out potential blackouts caused by shelling. The earliest continuity planning the company did occurred before Starlink came in to provide Ukraine with Internet services, Tkachenko says, so MacPaw took the initiative to buy satellite Internet stations and set them up in advance of the invasion.

"We had to buy very expensive equipment that was not that easy to use, and it gave us a very slow connection speed," she says. "But we ordered two stations to create some areas for critical people to be able to operate."

Once Starlink became available, the company started using it as its backup Internet provider.

Build Up Hardware Reserves

In addition to heading off potential connectivity disruptions, MacPaw also prepared for potential supply chain issues that could jeopardize the continued operation of its critical IT systems and servers.

"We expected hardware supply chain disruptors because when war starts, all borders are usually closed, and it's not that easy to get a new, say, laptop," Tkachenko says. "That's why we built up in our warehouse some amount of reserve hardware we need for our work — because things will break."

Set Up Redundant Communications

Whether it is handling security incident response on any normal day or coordinating emergency cooperation during wartime, businesses need their team members to be able to communicate across distributed locations when conditions are rapidly changing. To prepare for conflict, MacPaw introduced additional channels of communication to bolster what it already had in place.

"Communication is everything," says Tkachenko. "We already used Slack in our company, but we wanted to add another mobile messenger and decided to use Signal. I asked everyone to install Signal and created a huge group for emergency communication."

Stay Flexible and In Touch

Once the outbreak of war hit, the emergency team tried to stay in touch daily and be flexible about business arrangements.

"Every morning at 10 a.m. we had a meeting and discussed what changed," Tkachenko says. "At the beginning, the situation was changing even each hour with new information to consider. At the daily meeting we discussed the current situation, launched projects, and made decisions. Today we're a lot closer to our routine regimen, but sometimes when a new danger comes up — for example, when there was word about potential danger to the Zaporizhzhia nuclear power plant — we meet regularly again to plan and discuss new activities."

Plan to Freeze Code Changes

All the while, the software developer took pains to protect its No. 1 asset during the initial days of the invasion.

"We decided to have a special code-freeze regime because in time of such unusual events, everyone gets emotional and some engineer could make changes without thinking rationally that could potentially break all of the systems," Tkachenko explains.

During a code freeze, the idea is to leave the critical source code in a read-only mode for a period of time.

"Only people from the emergency team were actually authorized to make some changes, if needed," she says.

Prepare for Spike in Cyberattacks

Finally, on the cyber defense front, the MacPaw emergency team assessed the potential for heightened cyberattacks that could come in concert with a Russian armed invasion.

"We added defenses. We are a very visible company here in Ukraine, and we knew we could be a target from some attacks from Russia," Tkachenko says. Indeed, the company did see a spike in distributed denial-of-service (DDoS) attacks that it thinks originated from Russia, she explains, especially during the first weeks of the invasion.

In response, MacPaw bolstered DDoS protection by partnering with Cloudflare. It also picked up more tooling from a number of companies that reached out to help from the US and Europe. Additionally, the company has enhanced its security education to help employees detect more targeted social engineering attempts.

"We have had security education before, but this year we invested even more into this to provide more advanced education," Tkachenko says.

Account for Human Realities

Last but certainly not least, Tkachenko says MacPaw leadership and those on the emergency team stayed focused not only on employees' physical health, but also their emotional health. When employees were scared, coordinating evacuation or shelter-in-place plans for their families, or worried about family members they're separated from, there's not a whole lot of room to get work done. Company leaders understood these realities and did their best to keep employees connected and safe.

"From the emotional side, for the first two weeks we experienced no performance. All of our channels in Slack and other messengers were about the war because we were sitting and reading news," Tkachenko says. "Only the emergency team were trying to do some work. What helped us was communication from our COO because our people needed reassurance."

The company provided financial support and gave employees who wanted to evacuate help to relocate. After a few weeks the company asked its employees to start gradually moving back to work, wherever they were in the world. The executive and emergency teams reviewed strategy and moved deadlines out to account for inevitably lower performance from the teams.

"So even now we've got lower performance from some employees because we are human, but it's getting better," Tkachenko says. "And sometimes people say that when we're working, it helps us not think about the war. So work is a positive outlet."

About the Author

Ericka Chickowski, Contributing Writer

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights