There are new warnings that over a third of global businesses are failing to take the threat of cyberwarfare seriously as one expert described it as “the future of terrorism on steroids”.
Armis, the leading Asset visibility and security company, today revealed the findings from the “Armis State of Cyberwarfare and Trends Report: 2022-2023”. The report reveals global IT and security professionals’ sentiment on cyberwarfare, and at a time when the threat has increased significantly, many businesses feel unprepared.
In the UK it found that while 84% of organisations claimed they had programmes and practices in place to respond to cyberwarfare threat, only one-third (32%) said their plans are validated by best practice frameworks, which is less than the global average of nearly 40%. In addition, 57% of UK organisations have stopped or stalled digital transformation projects due to threat of cyberwarfare – slightly higher than the global average of 55%.
The report explained the Russian invasion of Ukraine has “not only tragically upended the lives of countless people in a sovereign nation, but it is also causing geopolitical shockwaves of cyberwarfare that will reverberate for the foreseeable future”. Today’s targets extend well beyond the higher levels of the opposition governments; any organization is a potential victim, with critical infrastructure and high-value entities at the top of the list, it continued.
“Cyberwarfare is the future of terrorism on steroids, providing a cost-effective and asymmetric method of attack, which requires constant vigilance and expenditure to defend against,” said Nadir Izrael, CTO and co-founder of Armis. “Clandestine cyberwarfare is rapidly becoming a thing of the past. We now see brazen cyberattacks by nation-states, often with the intent to gather intelligence, disrupt operations, or outright destroy data. Based on these trends, all organizations should consider themselves possible targets for cyberwarfare attacks and secure their assets accordingly.”
The survey found one-third (33%) of global organisations are not taking the threat of cyberwarfare seriously, identifying as indifferent or unconcerned about the impact of cyberwarfare on their organisation as a whole, leaving room for security gaps.
Nearly a quarter of global organisations (24%) feel underprepared to handle cyberwarfare, it added. Even still, the lowest-ranking security element in the eyes of IT professionals is preventing nation-state attacks (22%).
When asked whether the war in Ukraine has created a greater threat of cyberwarfare, over 3 in 5 (64%) IT and security professionals surveyed said they felt it had.
Over half (54%) of professionals who are the sole decision maker for IT security said they have experienced more threat activity on their network in the six months to October 22 than the prior six months.
Over half (55%) questioned said their organisation had stalled or stopped digital transformation projects due to the threat of cyber warfare. However the percentage was higher in specific countries, including Australia (79%), the U.S. (67%), Singapore (63%), the UK (57%), and Denmark (56%).
When asked about their organisation’s policy on paying ransoms in the event of a ransomware attack, IT professionals globally were divided in their responses. Twenty-four percent of respondents indicated their organisation always pays, 31% said their organisation only pays when customer data is at risk, 26% said the organisation never pays, and 19% indicated that it depends.
“Proprietary data from the Armis Asset Intelligence and Security Platform collected from 1 June 2022 through 30 November 2022 confirmed the aforementioned trends haven’t slowed, only worsened,” said the company. “Threat activity against the global Armis customer base increased by 15% from September to November when compared to the three months prior. Further, Armis identified the largest percentage of threat activity against critical infrastructure organizations, with healthcare organizations the second most targeted when compared to various industries.”