More than three-quarters of security professionals in large organizations believe the world is now in a state of perpetual cyberwar – and 82% consider that geopolitics and cybersecurity are fundamentally linked.
The figures come from a survey conducted by Sapio for machine identity solutions provider Venafi. The survey hasn’t been published, but the results are discussed in a Venafi blog.
Sapio surveyed 1,101 security decision makers in firms with more than 1,000 employees (24% had more than 10,000 employees) across the US, UK, France, Germany, the Benelux countries, and Australia. Almost 50% of the individuals surveyed were at C-suite level or above.
Without sight of the questions, the replies returned, or the interpretations applied, the survey cannot be given any ‘scientific’ weight. For example, ‘cyberwar’ is not defined, and different respondents may have different views. Is an attack by Conti part of this cyberwar?
Nevertheless, companies as large as those queried will undoubtedly have conducted forensic analysis of any breach. Kevin Bocek, Venafi’s VP, security strategy and threat intelligence, told SecurityWeek that this analysis might identify the actual attacker but would certainly indicate the attackers’ TTPs and level of sophistication.
In the current geopolitical climate, this would lead to a strong perception of whether the attack was by or in support of a nation state; that is, effectively an act of cyberwar. This is how we should interpret Venafi’s survey: an analysis of companies’ perception of the role of cyberwar in current cybersecurity. Sixty-four percent of the respondents suspect they have been directly targeted or impacted by a nation-state attack.
The cyberwar perception is remarkably high and seems to have been kick-started by the Russian invasion of Ukraine and the subsequent level of condemnation and sanctions leveled by the West. More than two-thirds (68%) of the respondents have had more conversations with their board and senior management since the start of the war. And 63% doubt they would ever know if they had been hacked by a nation state.
“Cyberwar is here,” said Bocek. “It doesn’t look like the way some people may have imagined that it would, but security professionals understand that any business can be damaged by nation states. The reality is that geopolitics and kinetic warfare now must inform cybersecurity strategy.”
The danger that Venafi foresees is that as more advanced state or state-aligned groups get involved in this cyberwar, the level of sophistication in the attacks will increase. One rapidly growing threat vector is the abuse of machine identities. Bocek cites SolarWinds and HermeticWiper as two recent Russian state activities.
The SolarWinds attack, says Venafi, “is a prime example of the scale and scope of nation-state attacks that leverage compromised machine identities.” HermeticWiper is another, using code signing to authenticate malware.
But this cyberwar isn’t limited to Russia. The activity of other traditional adversarial nations – in particular, China, North Korea and Iran – must also be interpreted as part of a global cyberwar. While Russia and China have so far largely avoided direct destructive attacks against western critical infrastructure, the same cannot be said for North Korea and Iran.
“Nation-state attacks are highly sophisticated, and they often use techniques that haven’t been seen before. This makes them extremely difficult to defend against,” continued Bocek. “Since machine identities are regularly used as part of the kill chain in nation-state attacks, every organization needs to step up their game. Exploiting machine identities is becoming the modus operandi for nation-state attackers.”