Foreign power activity raises the cyber stakes for digital leaders
Nash Squared CISO, Jim Tiller, looks at the impact of global unrest on organisations' cybersecurity.
For all its complexity, the simple reality is that information security is just like any other market – driven by demand and supply. Demand comes from attackers, while supply comes from the availability of systems to attack.
This year’s Nash Squared Digital Leadership Report shows us that both demand and supply are significantly increasing. We are seeing more cyberattacks, spiked by global unrest, and more systems available for targeting through an increasingly connected world.
So it is that our research finds that, globally, the proportion of businesses suffering a major attack has risen to 28% this year (from 24% in 2021) and stands at 51% amongst large organisations (those with tech budgets over $250m). This reverses a trend of mild decline in reported major incidents in the previous few years.
However, we should probably treat these statistics with a degree of caution. As the business community has become more conditioned to the cyber phenomenon, so the threshold for what constitutes a ‘major’ attack has risen. What might have been seen as almost a black swan event a decade or so ago now passes for a ‘normal’ cyber incursion. There’s little doubt that the frequency and sophistication of attacks are increasing all the time.
Foreign powers waging the battle
What really stands out in this year’s research is that, with the global unrest we’ve been seeing in 2022, and the ongoing politicisation of cyber warfare, the threat of a foreign power sponsored cyberattack has rocketed up the agenda for digital leaders, with 40% fearing the possibility compared to just 12% in 2018. This may partly be a function of increasing awareness – the more that nation state attacks or sponsored attacks are publicised and discussed, the more business leaders are conscious of the threat – but it’s also because they are becoming more widespread.
There’s no doubt that certain nations are becoming increasingly active, determined and malicious in their cyber warfare efforts. They’re using both their own direct resources to carry out attacks, and sponsoring sophisticated crime syndicates to conduct them on their behalf. These criminals may also carry out further attacks of their own for their own purposes, increasing the jeopardy.
Whereas a foreign power sponsored attack will have the chief aim of extracting intelligence or disrupting services and systems in rival countries, a criminal gang’s own efforts will be concentrated on breaching a system or extracting data so that a ransom can be extorted, usually payable in a cryptocurrency.
What we also see is that the fear of a foreign power attack rises the larger an organisation is – peaking at 56% of digital leaders at large organisations. Targeting large organisations makes sense because of their reach across financial systems, essential communications, emergency services, critical products and solutions, and greater investments in research and innovation.
Large organisations are a more attractive target to cyber criminals because they have a bigger attack surface, creating more potential entry points; they tend to be more important in their sector, making them a more attractive target to malicious actors; and they also have more intellectual property (IP) that attackers want to steal. As businesses continue on their digital transformation journeys, this IP is no longer held on paper in a safe, but resides on servers and digital systems.
Cloud formations becoming complex
On top of this, there’s an additional factor that is complicating cybersecurity and making the task of protecting the perimeters harder. That’s the cloud. Over four in ten (41%) respondents say that the move to the cloud has made security more complicated. On the face of it, this may seem surprising because through the big cloud providers such as Microsoft, Amazon and Google, businesses get access to enterprise-class security capabilities.
However, the cloud is an exceptionally complicated environment from a technical perspective, with multiple protocols, processes and modules, and complex interactions between them. There is a risk of organisations making errors in configurations, especially if they have several different cloud providers across a mix of virtual, hybrid and physical servers and multiple countries/regions.
Cloud is still an emerging capability and it is evolving all the time – the talent pool of professionals who really understand the security configurations and permutations and keep that knowledge refreshed is limited. This scarcity is of course compounded by the cybersecurity skills shortages we hear about so often. The result is that, for all the flexibility and resilience it creates, the cloud also brings security complexities, especially for large distributed organisations.
Stay focused and avoid distractions
So, what should digital leaders be concentrating on to keep their organisation safe and secure? With so many threats and risks from every direction, my main message here is to keep your focus. Carry out a rigorous, business-aligned risk assessment and devote your resources to dealing with the threats that it highlights.
Make use of the resources available to you. For example, the quality of today’s threat intelligence is unprecedented. Combined with such tools as the MITRE ATT&CK framework, it is now possible to prioritise based on threat modus operandi as they relate to your business conditions. Moreover, with digital transformation come new capabilities to better locate and classify assets, ensuring that security is aligned to what matters.
Conversely, it is easy to get distracted. I often see organisations rushing to buy multiple cyber defence tools – the ‘latest gadgets’ – which they then don’t even fully deploy or configure properly. It can turn into a blizzard of activity that just builds up security tech debt and achieves little.
It’s also essential to get the basics right. For example, many successful ransomware attacks are simply the result of poor password management and authentication processes. If you’re going to focus on one area, that’s probably where to start. Invest also in educating your staff. Sound security practices by your people are one of the most effective cyber defences of all.
The war is escalating – but the mechanisms and tools are out there to keep yourself defended. Review your risks, prioritise your actions, keep your focus and carry on moving along that path.