Over the past ten years or so, the environment for cyber threats has undergone a significant transformation, which has accelerated in recent years. The term "cyberwar" didn't even exist until 30 years ago, and it's still somewhat debatable today.
Once upon a time (that time being just a few years ago), the majority of private businesses had no reason for immediate concern. However, the distinctions between nation-state adversaries, cybercrime organisations, and rogue threat actors continue to become more and more hazy, making practically any company and any device fair game for cyberwarfare. The Armis State of Cyberwarfare and Trends Report: 2022-2023 examines the situation more closely and offers information on whether or not organisations are sufficiently equipped to defend themselves.
The report focuses on the opinions of IT and security experts from around the world regarding the state of cyberwarfare today and market trends. It offers insightful information on the opportunities and challenges faced by businesses as they work to safeguard their assets and secure their networks. The study was conducted by surveying more than 6,000 IT and security professionals worldwide from all major industry verticals.
Technology: A double-edged sword
Technology is frequently a mixed blessing, which is one of the report's most notable findings. Anything that makes your life simpler or more convenient for you can, in theory, be used against you by attackers or expose you to a higher risk in some other way.
Technology is increasingly reliant on artificial intelligence (AI) and machine learning (ML). These technological advancements are being used to automate the detection and response to cyber threats, which is assisting businesses in better protecting their assets and networks. The report does point out, however, that there are worries about how these technologies might be misused for bad, and that more oversight and regulation are required in this area. Concerns about the potential use of generative AI tools like ChatGPT to create malicious code and exploits have recently grown.
The Armis report highlights the growing threat that cyberattacks that target critical infrastructure pose to businesses. This includes attacks on systems that are crucial to the operation of contemporary society, such as medical equipment and industrial control systems. While these attacks don't specifically target organisations (aside from the provider of critical infrastructure), any attack that affects the critical infrastructure that businesses depend on can have disastrous effects on those businesses. In accordance with the report, these attacks are becoming increasingly sophisticated and are frequently carried out by advanced persistent threat (APT) groups, which are outfitted with the resources and technical know-how necessary to get around conventional security measures.
In the report's introduction, Nadir Izrael, CTO and co-founder of Armis, mentions that experts believe threat actors will be able to weaponize OT (operational technology) environments by 2025 in order to hurt or kill people. The shift from reconnaissance and espionage to kinetic application with tangible effects is a trend in cyberwarfare, he observes.
“These kinetic cyberweapons have already been discovered in the wild, although none specifically have been deployed to lethal effect. For example, the Triton malware discovered in 2017 targeted and disabled safety instrumented system (SIS) controllers of a Saudi Arabian petrochemical plant which could have contributed to a plant-wide disaster had the problem not been identified. And in February 2021, a hacker attempted to poison the water supply facility of a small U.S. city in the state of Florida via remote access. We have already seen ransomware attacks against the healthcare sector result in human deaths, so the potential impact of cyberattacks—whether intentional or unintentional—is clear.”
Can we survive cyber warfare?
Many organisations have been caught off guard by the threat landscape's quick change. The scope of the threat is difficult for businesses of all sizes and in all sectors to comprehend, and many do not have the necessary cyber defences in place.
In a press release, Armis summarised some of the report's most important findings. These results highlight some of the major obstacles that organisations must overcome in order to adjust to the new reality.
- The threat of cyberwarfare is not being taken seriously by one-third (33%) of international organisations, who report being unconcerned or indifferent about how it will affect their organisation as a whole, creating security gaps.
- Nearly a quarter (24%) of international organisations believe they are unprepared to handle cyberwarfare. Nevertheless, preventing nation-state attacks comes in last on the IT professionals' list of security concerns (22%).
- The statement that "The war in Ukraine has created a greater threat of cyberwarfare" is accepted by more than three out of five (64%) IT and security professionals polled.
- Between May 2022 and October 2022, compared to the six months before, more threat activity was reported on networks by over half (54%) of professionals who are the sole decision-makers for IT security.
- The majority (55%) of IT professionals polled concurred with the statement that "My organisation has stalled or stopped digital transformation projects due to the threat of cyberwarfare." In some nations, like Australia (79%), the U.S. (67%), Singapore (63%), the UK (57%), and Denmark (56%), this percentage is even higher.
- IT professionals around the world responded differently when asked about their company's policy on paying ransoms in the event of a ransomware attack. Twenty-four percent of respondents said their organisation always pays, 31% said their organisation only pays when customer data is at risk, 26% said their organisation never pays, and 19% said it depends.
- A little more than seven in ten (76%) of the IT professionals polled concur that, in response to the threat of cyberwarfare, the boards of directors are changing the organisational culture with regard to cybersecurity.
- Nearly 2 in 5 (37%) of the IT professionals surveyed believe it is extremely likely that their company will increase its investment in cybersecurity in light of recent and ongoing unexpected global events (such as the pandemic, the conflict in the Ukraine, etc.)
Combating future cyberwars
The report emphasises how crucial asset visibility is to maintaining business network security. Businesses must have a thorough understanding of the hardware and software that connect to their networks in order to identify threats quickly and take appropriate action. With the goal of becoming the "Google Maps" of the IT environment or attack surface, Armis is committed to giving its users the visibility they require. To assist them in overcoming these obstacles, they collaborate with clients like the City of Las Vegas, Takeda Pharmaceuticals, and an increasing number of governmental bodies.
Yevgeny Dibrov, the CEO of Armis, and Nadir Izrael, the CTO, were interviewed by Tony Bradley, Editor-in-Chief at TechSpective. Regarding the visibility of assets, Dibrov stated, "Every client should ask themselves, 'What are my assets? What are my assets, exactly?
In a data centre environment, a manufacturing environment, a hospital, a critical infrastructure facility, or a government facility, the most fundamental question is, "What do I have?" he continued.
“I think cyberwarfare in general has become kind of an above board thing that nation-states do, as opposed to maybe a decade or two ago where everything was hush-hush and under the covers—like these covert attacks that were never attributable. That change is huge in our overall industry. It's huge for countries. In fact, from our perspective it paints cyberwarfare as the new terrorism,” Izrael stated. “It is the most cost-effective way of waging war on multiple levels and something that we're seeing more and more examples of as we progress.”
Since it is unlikely that we will be able to put the genie back in the bottle in the future, it will be crucial for organisations to understand the answers to the questions Dibrov posed and have that "Google Map" of their environment to work with.