beebright - stock.adobe.com
Most CISOs think they’ve been attacked by a nation state
Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack
The majority of businesses have changed up their cyber security strategies and policies as a direct response to Russia’s war on Ukraine, but at the same time, similar numbers have some reason to believe they may have been on the receiving end – either directly or indirectly – of a cyber incident orchestrated by a nation-state actor.
In a welcome sign that government guidance to be mindful of the potential for the cyber dimension of the war on Ukraine to spill over is hitting home, new data gleaned by machine identity management specialist Venafi found security leaders are keenly aware of nation-state dynamics in cyber and how they are changing in response to seismic geopolitical shifts.
“Cyber war is here. It doesn’t look like the way some people may have imagined it would, but security professionals understand that any business can be damaged by nation states. The reality is that geopolitics and kinetic warfare now must inform cyber security strategy,” said Kevin Bocek, vice-president of security strategy and threat intelligence at Venafi.
Its study of over 1,000 decision-makers in Australia, Europe and the US, conducted by pollsters Sapio Research in July, found 68% had had a conversation with their board or senior management about the effects of the war on Ukraine, and 66% had made some kind of change to their security posture as a result, while 64% reckoned they had already been impacted.
The research also found 77% of decision-makers believed the world was now in a “perpetual” state of cyber warfare, with 82% believing geopolitics and cyber are fundamentally linked. A large number of respondents (63%) also said they doubted they would ever know if they had been attacked by a nation-state actor.
Kevin Bocek, Venafi
“We’ve known for years that state-backed APT [advanced persistent threat] groups are using cyber crime to advance their nations’ wider political and economic goals,” said Bocek. “Everyone is a target, and unlike a kinetic warfare attack, only you can defend your business against nation-state cyber attacks. There is no cyber-Iron Dome or cyber-Norad. Every CEO and board must recognise that cyber security is one of the top three business risks for everyone, regardless of industry.”
Aligning with Venafi’s bread-and-butter interests in machine identities, the research also found that the use of spoofed machine identities was growing in state-sponsored cyber attacks, since the digital certificates and cryptographic keys that serve as machine identities are vital for secure digital transactions.
The Russia-attributed HermeticWiper malware attack, which aimed to soften up Ukrainian targets immediately prior to the 24 February invasion, was one such attack, using code signing to authenticate malware in a prime example of the scale and scope of nation-state attacks exploiting machine identities.
And such attacks are not just emanating from Russia – Chinese APT groups are continuing campaigns of cyber espionage to advance China’s political and economic goals, while North Korean groups such as Lazarus continue to funnel the profits from landmark cryptocurrency heists back to Pyongyang to fund the ambitions of their paymasters.
“Nation-state attacks are highly sophisticated, and they often use techniques that haven’t been seen before. This makes them extremely difficult to defend against if protections aren’t in place before they happen,” said Bocek.
“Because machine identities are regularly used as part of the kill chain in nation-state attacks, every organisation needs to step up their game. Exploiting machine identities is becoming the modus operandi for nation-state attackers.”
Read more about nation-state cyber attacks
- Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk.
- Researchers with Trustwave say the cyber attacks against Ukraine are not the work of enlisted private hacking groups but Russian government intelligence agencies.