Cyber War: A Stealthy Contest

There is a cyber war afoot, and enterprises need to brace against threats and tight competition.

March 14, 2023

With mounting geopolitical tensions in Europe, Andy Norton, European cyber risk officer at Armis, uses data from the State of Cyberwarfare and Trends Report 2022-2023 to discuss the scope of the cybersecurity implications and how organizations can prevent attacks.

Over one year has passed since Russia announced the start of a “special military operation” on Ukrainian territory. Amid geopolitical tensions, economic problems, and social debates, major repercussions have arisen both in the Old Continent and in the rest of the world. Amidst this complex backdrop, another battle has also stealthily emerged: cyber warfare.

In fact, during the period from September to November 2022 alone, a 15% increase in suspicious activity by threat actors was detected on the Armis Asset Intelligence and Security platform. The noteworthy uptick in threat activity fuelled by criminal groups such as Conti, Killnet, Energetic Bear and more is a clear indication that organizations need to take the threat of cyber warfare seriously.

The Risk Is Real

Without a doubt, the risk is real and has been a catalyst to conversations about cybersecurity and potential risks from cyberwarfare in high places and entities. During the World Economic Forum in Davos, the Global Cybersecurity Outlook 2023 report was released, indicating that nearly half (45%) of business decision-makers and an almost equal number of cybersecurity executives (46%) believe that a catastrophic cyber event is very likely to occur in the next two years.

Though it might not make for optimistic reading, these results follow a similar pattern to those of the Armis State of Cyberwarfare and Trends Report: 2022-2023, which showed 57% of UK organizations have stopped or stalled digital transformation projects due to the threat of cyberwarfare. Perhaps this fear is justified since, as a result of the conflict on the continent, there has been a significant upturn in cyberattacks in the region, with 42% of companies claiming to have had to report an incident of cyberwarfare to authorities. These seem to affect public administration and healthcare institutions in particular.

Furthermore, Gartner analysts predict that by 2025, cyberattackers will have weaponized operational technology (OT) environments with the capability to harm or kill people. And while this may seem extreme to us, there is a perceived evolution from reconnaissance and espionage to the kinetic use of cyber warfare tools, which, while not yet deployed with lethal intent, have been detected.

The possibility that a national or even global cyber blackout could have a catastrophic impact on individual economies or the global economy has been hotly debated by experts since the WannaCry incident in 2017, and concern continues to rise due to the potential of these attacks as a strategic means in the context of cyber warfare. Indeed, consider the ransomware attacks suffered by the NHS late last year and the attack that, up until recently, plagued the Royal Mail Postal Service’s rest of world services for months.

The effects of these attacks on critical services are still being felt, with the already stressed NHS struggling to catch up on missed appointments and rescheduling due to weeks of system downtime. Royal Mail, until recently, could not process any items to ship overseas and may feel the effects of the attack for some time to come, as the LockBit gang responsible has continued to leak documents containing employee personal information on the Dark Web. 

From this data and other information, it can be concluded that the risk of companies falling victim to a cyberattack triggered in the course of a cyber war is increasing.  Despite this, there are still many organizations worldwide – one-third of the total, according to the study – that do not take the threat of cyber warfare seriously. 

Protect and Prevent

In recent years, there have been an increasing number of attacks against business entities of all kinds, regardless of their size or the sector in which they operate. Numerous attacks on authorities or even companies by geopolitically motivated hacktivists show how the behaviors of cybercriminals are constantly evolving and that they are finding various ways to circumvent traditional detection and response systems. 

In tandem with the increased threat activity of cybergangs, the attack surface is expanding since the incorporation of numerous connected devices into the environments of practically every industry sector. This digital transformation combined with the pandemic and the teleworking model has meant the deployment of all kinds of assets in enterprise networks, both managed – laptops, smartphones, smartwatches, etc. – and unmanaged – Industrial Internet of Things (IIoT) devices, operational technology (OT), etc. Unfortunately, every connected “asset” is also a potential entry point into the enterprise network. 

This increased attack surface requires the implementation of an effective cybersecurity strategy to protect the infrastructure and investments to drive these implementations. 

Frameworks and Regulations to Support Enterprise Security Culture

Depending on the type of organization, enterprises should be mapping cybersecurity programs to a cybersecurity framework (CSF), such as NIS, Cyber Essentials, ISO 27001 and more. Whichever is chosen, a key element to compliance is to be able to prove the organization has an adequate risk analysis. This risk analysis should be based on an understanding of all the critical assets that comprise the essential function of the business. 

For most organizations, this can be problematic, as the asset register is either non-existent, out of date, or maintained manually or only partially at best. Having real-time visibility over these assets and their associated risks is therefore an essential first step to any security program, as it vastly reduces the number of entry points attackers can exploit to gain a foothold in an organization.

More than a year after the outbreak of war in Ukraine, and in the midst of a growing number of threats, it is essential that companies not only invest in cybersecurity solutions, but also take steps to make cybersecurity a priority in their day-to-day work, spend time training their employees in this area and maintain an attitude of constant vigilance in the face of threats.

Using a CSF and industry-specific regulations to help guide this process ensures that cybersecurity programs can not only be validated by recognized best practices, but also inform business leaders on what measures are appropriate and proportionate when it comes to their risk appetites. This will be the most effective way to prepare, ensuring critical services don’t become pawns in escalating instances of cyber warfare. 


Andy Norton

European Cyber Risk Officer, Armis

Andy Norton is the European Cyber Risk Officer at Armis. He has led cyber security best practice for over 20 years at Symantec, Cisco and FireEye. In that time, he has presented threat and intelligence briefings for both Bush and Obama administrations, the Cabinet Office, the Foreign and Commonwealth Office, SWIFT, Swiss National Bank, Prudential Regulation Authority, the Bank of England, the Hong Kong Monetary Authority, NASA and SpaceX. Since returning to Europe from Asia in 2011, he has helped FTSE and DAX 250 companies to mature SOC workflow and triage processes to improve cyber resilience.