Virtual e-Crime & Cybersecurity DACH
20th January 2022, Online
CISOs in the crossfire: the rise of cyberwarfare and how to beat it
The link between nation-states and cybercriminals is proven. So how can the private sector stay safe?
“It's not cyber-war, but cyberterrorism.” Howard Schmidt, former Cyber Security Coordinator of the Obama Administration, has said that “there is no cyberwar... Although they are non-violent, and thus not acts of war, their damaging effects on the economy and society may be greater than even some armed attacks.”
Whatever the definition, the problem for private-sector companies is clear: while most firms today can detect and deflect unsophisticated attacks from traditional small-scale hackers, the real threat lies with organised groups overtly or covertly supported by governments.
These groups are not only protected, but they are also nurtured with training, financing and, often, access to exploits that would be difficult or impossible for actors without state support to develop.
The most obvious manifestation of this evolution has been the development of ever more sophisticated ransomware, and the link between ransomware and nation states was nowhere more obvious than when, after a meeting between Presidents Biden and Putin, the REvil hacking group disappeared and decryption keys to its ransomware appeared online. Exactly why is unknown, but the link with nation state activity looks strong.
For private-sector CISOs, cyberwarfare, cyber espionage, cyberterrorism and the rest are continuing to raise the game.
Ransomware has shown that so-called ‘basic cyber hygiene’ may be basic to describe but is very difficult to achieve in practice. Core issues around passwords, MFA, RDP, asset visibility, joiners/movers/leavers, patching and so on continue to let hackers into organisations to do damage.
Combine the increased volume and sophistication of adversaries with the expansion of the attack surface caused by hybrid working, OT/IoT and digital transformation in general, and the challenge becomes clear. Without a budget increase, which is unlikely to materialise, CISOs will fall further behind the curve.
It's time for governments, vendors and Big Tech to step up to the plate.
First, vendors need to step up with more comprehensive solutions and fewer single-point products; second, the Cloud monopolists and telcos must do a better job of stopping threats before they reach end-users; and third, it’s time for governments to do a great deal more to protect all of us. But will any of this actually happen? What can CISOs do in the meantime?