Security Pros Believe Cybersecurity Now Aligned With Cyberwar

More than three-quarters of security professionals in large organizations believe the world is now in a state of perpetual cyberwar – and 82% consider that geopolitics and cybersecurity are fundamentally linked.

The figures come from a survey conducted by Sapio for machine identity solutions provider Venafi. The survey hasn’t been published, but the results are discussed in a Venafi blog.

Sapio surveyed 1,101 security decision makers in firms with more than 1,000 employees (24% had more than 10,000 employees) across the US, UK, France, Germany, the Benelux countries, and Australia. Almost 50% of the individuals surveyed were at C-suite level or above.

Without sight of the questions, the replies returned, or the interpretations applied, the survey cannot be given any ‘scientific’ weight. For example, ‘cyberwar’ is not defined, and different respondents may have different views. Is an attack by Conti part of this cyberwar?

Nevertheless, companies as large as those queried will undoubtedly have conducted forensic analysis of any breach. Kevin Bocek, Venafi’s VP, security strategy and threat intelligence, told SecurityWeek that this analysis might identify the actual attacker but would certainly indicate the attackers’ TTPs and level of sophistication.

In the current geopolitical climate, this would lead to a strong perception of whether the attack was by or in support of a nation state; that is, effectively an act of cyberwar. This is how we should interpret Venafi’s survey: an analysis of companies’ perception of the role of cyberwar in current cybersecurity. Sixty-four percent of the respondents suspect they have been directly targeted or impacted by a nation-state attack.

The cyberwar perception is remarkably high and seems to have been kick-started by the Russian invasion of Ukraine and the subsequent level of condemnation and sanctions leveled by the West. More than two-thirds (68%) of the respondents have had more conversations with their board and senior management since the start of the war. And 63% doubt they would ever know if they had been hacked by a nation state.

“Cyberwar is here,” said Bocek. “It doesn’t look like the way some people may have imagined that it would, but security professionals understand that any business can be damaged by nation states. The reality is that geopolitics and kinetic warfare now must inform cybersecurity strategy.”

The danger that Venafi foresees is that as more advanced state or state-aligned groups get involved in this cyberwar, the level of sophistication in the attacks will increase. One rapidly growing threat vector is the abuse of machine identities. Bocek cites SolarWinds and HermeticWiper as two recent Russian state activities.

The SolarWinds attack, says Venafi, “is a prime example of the scale and scope of nation-state attacks that leverage compromised machine identities.” HermeticWiper is another, using code signing to authenticate malware.

But this cyberwar isn’t limited to Russia. The activity of other traditional adversarial nations – in particular, China, North Korea and Iran – must also be interpreted as part of a global cyberwar. While Russia and China have so far largely avoided direct destructive attacks against western critical infrastructure, the same cannot be said for North Korea and Iran.

“Nation-state attacks are highly sophisticated, and they often use techniques that haven’t been seen before. This makes them extremely difficult to defend against,” continued Bocek. “Since machine identities are regularly used as part of the kill chain in nation-state attacks, every organization needs to step up their game. Exploiting machine identities is becoming the modus operandi for nation-state attackers.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
