sb-eu logo
Story image

'We are in a permanent state of cyber warfare' say 88% of IT pros

13 Mar 2020

As the threat of nation-state attacks grows, countries are increasingly implementing national cybersecurity protocols with the same significance attached to them as conventional national security strategies.

Global governments are taking advantage of cyber warfare advancements to consolidate dominance, and recorded examples of international attacks on governments are rising. 

In light of this, Venafi, the cybersecurity company specialising in machine identity, embarked on a survey of IT professionals at RSA Conference 2020, and asked a simple question:

Is the world in a permanent state of global warfare?
 

Of the 485 respondents, a resounding majority agreed: 88% said yes, with 90% concerned that digital infrastructure will suffer the most damage as a result.

“Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organisations,” said Venafi vice president of security strategy and threat intelligence Kevin Bocek.

“Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.”

The results may not be so surprising when reflecting on recent news regarding cyber warfare.

Earlier this year, the US National Security Agency (NSA) reported a major cryptographic flaw in Microsoft Windows which prompted the Certified Information Systems Auditor (CISA) to issue a rare emergency directive.

In January, concerns arose after the US executed a drone strike which resulted in the death of Qassem Suleimani, an important figure high up in the Iranian government. Businesses were warned to prepare for retaliatory Iranian cyber warfare.

Venafi also reports the recent discovery that the Central Intelligence Agency (CIA) owned a cryptography software company, Crypto AG, whose services were used to obtain highly sensitive and classified data on foreign governments.

These developments were not lost on the surveyed IT professionals, with many voicing concerns that some industries, especially those undergoing digital transformation, were more vulnerable than others to cyber warfare.

Almost 60% of respondents say  power, water, healthcare and transportation are equally vulnerable to a cyberattack that causes physical damage. 

19% thought that power was most vulnerable, followed by healthcare (12%) and transportation and water (tied at 5%).

“The sophisticated cyberattacks that are the hallmark of nation-state attacks often target digital keys and certificates that serve as machine identities,” says Bocek.

“These critical security assets are often poorly protected and provide attackers with the ability to hide in encrypted traffic, pivot across networks and eavesdrop on sensitive data. 

“Any organisation that isn’t protecting machine identities at least as well as they protect usernames and password is at greater risk of becoming a victim of a cyberattack,” adds Bocek. 

“And, unfortunately, these risks are unlikely to change in the near term because most organisations are just beginning to understand these risks.”

Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Radware launches DDoS protection for online gaming
“Online games are a massive, multi-billion-dollar industry, but they frequently fall victim to powerful and targeted DDoS attacks,"More
Story image
NordVPN upgrades infrastructure with launch of colocated servers
"The greatest advantage of having colocated servers is their complete ownership, which guarantees access only by our authorised people."More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Story image
Five Eyes nations want legal access to backdoors to fight 'illegal content'
The nations argue that encryption can make the enforcement of public safety difficult, particularly when it comes to serious problems like child exploitation. More
Story image
Imperva to acquire jSonar, bringing greater data security to enterprises
Imperva has entered into an agreement to acquire jSonar, a modern database security company. The transaction is subject to customary closing conditions, including receipt of required regulatory clearance, and is expected to close mid-October 2020.More