There have been more warnings over the rising threat of cyberwarfare, with a call for businesses to better understand the risks and those who are behind them.
In the wake of the State of Cyberwarfare and Trends Report: 2022-2023, issued by cyber security firm Armis, Etay Maor, senior director of security strategy at Cato Networks, warned a move to hybrid working only added to the threats companies face.
“Cyberwarfare is a term used interchangeably by individuals and organisations, he explained. “It is hard to define exactly what it is as historically ‘warfare’ was conducted by military or military like organisations, cyberwarfare on the other hand can be conducted by militaries, organisations, individuals and more and target military, organizations, individuals and more. The recent conflict between Russia and the Ukraine further shows us how complicated things can get, where civilian organizations helped defend and prepare the Ukraine for cyber-attacks, while cybercrime organizations were called to the flag by Russia to preform attacks. The lines of defining warfare and conflict have significantly blurred”.
Maor continued: “Enterprises should be prepared for cyber-attacks, whomever the threat actor may be. This means not only understand what all your assets and crown jewels are, as the report and its authors suggest, but also making sure all these resources receive the same level and security. Some organizations may prioritize a specific database or application, while only providing a VPN or very minimal security to a worker who is working from home. The fact of the matter is – both are potential targets and entry points for threat actors to target and so both should have the same security level, policies, and enforcement capabilities.”
“Organisations need better security with easier management and less project overhead to feel comfortable to continue with their digital transformation, as those who do not complete this transformation will be left behind,” he concluded.
Sam Curry (pic), chief security officer, Cybereason said the threat was such that firms should not only be aware of the risks but should not be falling victim to the same type of attack time after time.
“It isn’t surprising that critical infrastructure networks are the focus of many hacking groups, and the challenges are unique in their sector,” he explained. For instance, the healthcare industry is in the crosshairs of many different ransomware gangs and the energy sector from nation-state sponsored actors. The attackers aren’t stupid. They know their risk equations, whether formally or intuitively, better than anyone. The end result is what matters.
“They will look at the prize, the cost and the risk and are motivated to get their returns. Having the law and nation states in opposition is daunting, but if the prize is big enough, it’s not a deal breaker. If we as defenders really want to drive them to other activities, like trying a new job, then the deterrent is going to have to get much more serious. Plugging the holes in critical infrastructure networks is challenging, takes dedication, persistence, and money. Today, at least 16 industries fall under the label of ‘critical infrastructure’ and the topography, clients, systems, vulnerabilities, service levels, suppliers and much more vary enormously between banking and water supply for instance or between energy and transportation.”
Curry continued: “ Also, the number of companies paying ransoms today is staggering with some paying twice, three times or more. Cybereason found in a recent global ransomware study that 80 percent of organisations that paid a ransom were hit a second time. Nearly half of the organizations paid a second ransom and 10 percent paid a third one. Fool me once, shame on you. Fool me twice, shame on me… fool me four times…? It gets a bit ridiculous. After a certain point, we are talking about negligence no matter the extenuating circumstances. At some point it’s time to shut down or actually get better at this IT thing and get the security right.”