The landscape for cyber threats has evolved dramatically over the past decade or so—and the changes have accelerated in the past few years. Before 30 years ago, the term “cyberwar” didn’t even exist, and the term is still somewhat controversial. Once upon a time (that time being just a few years ago), most private businesses had no reason to be directly concerned, but the lines continue to blur between nation-state adversaries, cybercrime groups, and rogue threat actors in ways that make virtually any business and any device fair game for cyberwarfare. The Armis State of Cyberwarfare and Trends Report: 2022-2023 takes a closer look at the situation and provides insight into whether or not organizations are adequately prepared to defend themselves.
The report highlights the sentiment of global IT and security professionals on the current state of cyberwarfare and trends in the industry. It was conducted by surveying over 6,000 IT and security professionals around the world from across all major industry verticals and provides valuable insights into the challenges and opportunities facing businesses as they strive to protect their assets and secure their networks.
Technology Is a Double-Edged Sword
One of the things that stands out in the report is that technology is often a mixed blessing. Pretty much anything that makes life easier or more convenient for you can also be used against you by attackers, or exposes you to increase risk in some way.
Artificial intelligence (AI) and machine learning (ML) are becoming more ubiquitous in technology. In the world of cybersecurity, these technologies are being used to automate the detection and response to cyber threats, and are helping businesses to better protect their assets and networks. However, the report also notes that there are concerns about the potential for these technologies to be used for malicious purposes, and that there is a need for greater oversight and regulation in this area. Recently there has been rising concern about the potential for using generative AI tools like ChatGPT to develop malicious code and exploits.
The Armis report emphasizes that businesses are increasingly facing threats from cyberattacks that specifically target critical infrastructure. This includes attacks on industrial control systems, medical devices, and other critical systems that are essential to the functioning of modern society. Such attacks do not directly target organizations (aside from the critical infrastructure provider), but any attack that disrupts critical infrastructure that businesses rely on can have a tragic impact on those businesses. The report notes that these attacks are becoming more sophisticated and are often carried out by advanced persistent threat (APT) groups that have the resources and capabilities to evade traditional security measures.
In the foreword to the report, Nadir Izrael, CTO and co-founder of Armis, notes that analysts predict that by 2025 threat actors will be able to weaponize OT (operational technology) environments to harm or kill humans. He points out that it is part of a trend in cyberwarfare to move from reconnaissance and espionage to kinetic application with real-world consequences.
“These kinetic cyberweapons have already been discovered in the wild, although none specifically have been deployed to lethal effect. For example, the Triton malware discovered in 2017 targeted and disabled safety instrumented system (SIS) controllers of a Saudi Arabian petrochemical plant which could have contributed to a plant-wide disaster had the problem not been identified. And in February 2021, a hacker attempted to poison the water supply facility of a small U.S. city in the state of Florida via remote access. We have already seen ransomware attacks against the healthcare sector result in human deaths, so the potential impact of cyberattacks—whether intentional or unintentional—is clear.”
Are We Prepared for Cyberwarfare?
The rapid shift in the threat landscape has caught many organizations off guard. Businesses of all sizes and across all industries are struggling to understand the scope of the threat and many do not have the necessary cyber defenses in place.
Armis shared some of the key findings from the report in a press release. These findings highlight some of the key challenges we face as organizations strive to adapt to the emerging reality.
- One-third (33%) of global organizations are not taking the threat of cyberwarfare seriously, identifying as indifferent or unconcerned about the impact of cyberwarfare on their organization as a whole, leaving room for security gaps.
- Nearly a quarter of global organizations (24%) feel underprepared to handle cyberwarfare. Even still, the lowest-ranking security element in the eyes of IT professionals is preventing nation-state attacks (22%).
- Over 3 in 5 (64%) IT and security professionals surveyed agree with the statement, ‘The war in Ukraine has created a greater threat of cyberwarfare.’
- Over half (54%) of professionals who are the sole decision maker for IT security said they experienced more threat activity on their network between May 2022 and October 2022 when compared to the six months prior.
- Over half (55%) of IT professionals surveyed agree with the statement, ‘My organization has stalled or stopped digital transformation projects due to the threat of cyberwarfare.’ This percentage is even higher in specific countries, including Australia (79%), the U.S. (67%), Singapore (63%), the UK (57%), and Denmark (56%).
- When asked about their organization’s policy on paying ransoms in the event of a ransomware attack, IT professionals globally were divided in their responses. Twenty-four percent of respondents indicated their organization always pays, 31% said their organization only pays when customer data is at risk, 26% said the organization never pays, and 19% indicated that it depends.
- Just over three-quarters (76%) of IT professionals surveyed agree that the boards of directors are changing their organization’s culture towards cybersecurity in response to the threat of cyberwarfare.
- Almost 4 in 5 (78%) IT professionals surveyed said, when thinking about recent and ongoing sudden global events (such as the pandemic, Ukraine conflict, etc.), it’s likely that their company invests more of its budget into cybersecurity, with nearly 2 in 5 (37%) who think it’s very likely.
Defending against Future Cyberwars
The report highlights the importance of asset visibility in ensuring the security of business networks. It’s important for businesses to have a clear understanding of the devices and systems that are connected to their networks, and be able to detect and respond to threats in real-time. Armis, which strives to be the “Google Maps” of the IT environment or attack surface, is focused on helping customers have the visibility they need. They work with customers such as the City of Las Vegas, Takeda Pharmaceuticals, and a growing number of government entities to help them address these challenges.
I had a chance to speak with both of the founders of Armis, Yevgeny Dibrov, CEO, and Nadir Izrael, CTO. On the subject of asset visibility, Dibrov explained, “Every client should ask themselves, ‘What are my assets? Where are my assets?”
He added, “The most basic question—whether it’s a data center environment, or a manufacturing environment, or a hospital, or critical infrastructure, or a government facility is simply asking, ‘What do I have?’”
“I think cyberwarfare in general has become kind of an aboveboard thing that nation-states do, as opposed to maybe a decade or two ago where everything was like hush-hush and under the covers—like these covert attacks that were never attributable. That change is huge in our overall industry. It’s huge for countries. In fact, from our perspective it paints cyberwarfare as the new terrorism,” summed up Izrael. “It is the most cost-effective way of waging war in multiple levels and something that we’re seeing more and more examples of as we progress.”
Download the report for yourself for more detail on the survey and the findings from Armis. Moving forward, it will be crucial for organizations to know the answers to those questions and have that “Google Map” of their environment to work with, because it is unlikely that we will be able to put the genie back into the bottle. The lines have blurred. The world has converged. Cyberwarfare is a reality organizations have to deal with.