During the build-up to the illegal invasion of Ukraine in February of 2022, there was consternation among information security professionals about what would happen on the cyber front. The prevailing groupthink at the time was that if countries in the West imposed sanctions, then they would suddenly be subjected to blistering Russian cyber-attacks that would cripple their businesses and national infrastructure.
This mentality led to some bizarre assumptions that seemed to ignore basic tenets of risk management. The first assumption was that the Russians needed sanctions as an excuse to attack national infrastructure which was off the mark . . .