sb-as logo
Story image

'We are in a permanent state of cyber warfare' say 88% of IT pros

13 Mar 2020

As the threat of nation-state attacks grows, countries are increasingly implementing national cybersecurity protocols with the same significance attached to them as conventional national security strategies.

Global governments are taking advantage of cyber warfare advancements to consolidate dominance, and recorded examples of international attacks on governments are rising. 

In light of this, Venafi, the cybersecurity company specialising in machine identity, embarked on a survey of IT professionals at RSA Conference 2020, and asked a simple question:

Is the world in a permanent state of global warfare?

Of the 485 respondents, a resounding majority agreed: 88% said yes, with 90% concerned that digital infrastructure will suffer the most damage as a result.

“Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organisations,” said Venafi vice president of security strategy and threat intelligence Kevin Bocek.

“Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.”

The results may not be so surprising when reflecting on recent news regarding cyber warfare.

Earlier this year, the US National Security Agency (NSA) reported a major cryptographic flaw in Microsoft Windows which prompted the Certified Information Systems Auditor (CISA) to issue a rare emergency directive.

In January, concerns arose after the US executed a drone strike which resulted in the death of Qassem Suleimani, an important figure high up in the Iranian government. Businesses were warned to prepare for retaliatory Iranian cyber warfare.

Venafi also reports the recent discovery that the Central Intelligence Agency (CIA) owned a cryptography software company, Crypto AG, whose services were used to obtain highly sensitive and classified data on foreign governments.

These developments were not lost on the surveyed IT professionals, with many voicing concerns that some industries, especially those undergoing digital transformation, were more vulnerable than others to cyber warfare.

Almost 60% of respondents say  power, water, healthcare and transportation are equally vulnerable to a cyberattack that causes physical damage. 

19% thought that power was most vulnerable, followed by healthcare (12%) and transportation and water (tied at 5%).

“The sophisticated cyberattacks that are the hallmark of nation-state attacks often target digital keys and certificates that serve as machine identities,” says Bocek.

“These critical security assets are often poorly protected and provide attackers with the ability to hide in encrypted traffic, pivot across networks and eavesdrop on sensitive data. 

“Any organisation that isn’t protecting machine identities at least as well as they protect usernames and password is at greater risk of becoming a victim of a cyberattack,” adds Bocek. 

“And, unfortunately, these risks are unlikely to change in the near term because most organisations are just beginning to understand these risks.”

Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
NVIDIA backs the future of hardware-based zero trust security
Check Point’s Infinity NEXT architecture will support NVIDIA DPUs by providing zero trust security. More
Story image
Report reveals relationship between boardroom and cybersecurity investments
“While boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value."More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Lumen launches managed security services for APAC market
The new service is designed to provide enterprise businesses with a proactive, connected security strategy to enhance threat detection and protection across endpoints. More