In the past decade, the cyber threat landscape has evolved significantly. Just a few short years ago, few businesses had reason to concern themselves with the notion of cyber warfare. However, the boundaries between different cyber threat activities and their meanings have blurred; a cyber attack on a hospital, for example, could be financially motivated, a quiet act of nation-state backed terrorism, or both. Now, according to a new report, virtually any business and any device is perceived as a permissible target when it comes to cyber warfare.
New trends report
The Armis State of Cyberwarfare and Trends Report: 2022-2023 examines the situation closely and provides insight regarding whether or not businesses are adequately prepared.
In the report, one of the things that stands out is the notion that technology is often a double-edged sword. Nearly any digital program or device that simplifies and streamlines tasks can also be weaponized by cyber attackers, or can increase an enterprise’s attack surface in some capacity.
The report goes on to point out that there are newly emerging concerns around the use of artificial intelligence (AI) and machine learning (ML) for malicious intent. Greater oversight and regulation of these areas is essential. Most recently, concern has arisen around the potential for generative AI tools, like ChatGPT, to pump out corrupt code.
For many larger conglomerates, the concern centers around cyber attacks that target critical infrastructure. This would include industrial control systems, medical devices, and other critical systems that power and provide for everyday societal needs. Any cyber attack that interrupts critical infrastructure functionality could have a tragic impact on all surrounding businesses that rely on said infrastructure.
The report states that critical infrastructure attacks are becoming increasingly sophisticated and that they’re primarily executed by advanced persistent threat (APT) groups, who have the know-how, perseverance and resources to evade detection and authorities.
According to Chief Technology Officer and Co-Founder of Armis, Nadir Izrael, cyber war instigators aim to move from reconnaissance and espionage to a modality of cyber warfare that results in substantive real-world consequences.
Preparation, cyber warfare
The recent tectonic shift in the cyber threat landscape has caught many organizations off-guard. Organizations have not yet caught up with the scope of the threat, and remain woefully under-secured.
- In the second half of 2022, cyber attacks on governments and federal entities increased by 95%.
- A third of global enterprises do not yet take the threat of cyber warfare seriously, appearing indifferent or unconcerned about the impact of cyber warfare on their operations.
- Nearly a quarter of global organizations feel under-prepared to contend with cyber warfare.
- For 22% of IT professionals, the lowest-ranking security priority is preparing for nation state attacks.
- 64% of IT and security professionals agree that the war in Ukraine has created a greater probability of cyber warfare.
- 55% of surveyed IT professionals agreed with the statement ‘My organization has stalled or stopped digital transformation projects due to the threat of cyber warfare.’
Defending the future
The Armis report stresses the importance of resource visibility in ensuring the security of business networks. Organizations need to clearly understand the devices and systems connected to their networks, and to be able to detect and respond to threats as they arise in real-time.
Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.