sb-as logo
Story image

'We are in a permanent state of cyber warfare' say 88% of IT pros

13 Mar 2020

As the threat of nation-state attacks grows, countries are increasingly implementing national cybersecurity protocols with the same significance attached to them as conventional national security strategies.

Global governments are taking advantage of cyber warfare advancements to consolidate dominance, and recorded examples of international attacks on governments are rising. 

In light of this, Venafi, the cybersecurity company specialising in machine identity, embarked on a survey of IT professionals at RSA Conference 2020, and asked a simple question:

Is the world in a permanent state of global warfare?
 

Of the 485 respondents, a resounding majority agreed: 88% said yes, with 90% concerned that digital infrastructure will suffer the most damage as a result.

“Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organisations,” said Venafi vice president of security strategy and threat intelligence Kevin Bocek.

“Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.”

The results may not be so surprising when reflecting on recent news regarding cyber warfare.

Earlier this year, the US National Security Agency (NSA) reported a major cryptographic flaw in Microsoft Windows which prompted the Certified Information Systems Auditor (CISA) to issue a rare emergency directive.

In January, concerns arose after the US executed a drone strike which resulted in the death of Qassem Suleimani, an important figure high up in the Iranian government. Businesses were warned to prepare for retaliatory Iranian cyber warfare.

Venafi also reports the recent discovery that the Central Intelligence Agency (CIA) owned a cryptography software company, Crypto AG, whose services were used to obtain highly sensitive and classified data on foreign governments.

These developments were not lost on the surveyed IT professionals, with many voicing concerns that some industries, especially those undergoing digital transformation, were more vulnerable than others to cyber warfare.

Almost 60% of respondents say  power, water, healthcare and transportation are equally vulnerable to a cyberattack that causes physical damage. 

19% thought that power was most vulnerable, followed by healthcare (12%) and transportation and water (tied at 5%).

“The sophisticated cyberattacks that are the hallmark of nation-state attacks often target digital keys and certificates that serve as machine identities,” says Bocek.

“These critical security assets are often poorly protected and provide attackers with the ability to hide in encrypted traffic, pivot across networks and eavesdrop on sensitive data. 

“Any organisation that isn’t protecting machine identities at least as well as they protect usernames and password is at greater risk of becoming a victim of a cyberattack,” adds Bocek. 

“And, unfortunately, these risks are unlikely to change in the near term because most organisations are just beginning to understand these risks.”

Download image
Hardware Security Modules - and why they need to be virtualised
Unbound's vHSM provides advanced key management functionality, as well as easy and secure remote administration support - meaning there is no need for users to compromise on security any longer.More
Link image
Are modern authentication solutions killing passwords?
Multifactor authentication is innovating the login process and making it more secure. Passwords may be the first to go - but there are still some factors keeping them alive.More
Story image
Machine identities increasingly exploited, new research finds
Venafi, the provider of machine identity management, finds that malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink.More
Story image
Slack unveils new security features as remote working skyrockets
Slack has introduced new security features, integrations and certifications to its platform in response to growing security concerns as more people work remotely.More
Story image
Internet outages drastically increased during COVID-19 lockdowns, report finds
Global internet disruptions increased 63% in March, with internet service providers hit the hardest. This is according to the 2020 Internet Performance Report from ThousandEyes, the internet and cloud intelligence company.More
Story image
Huawei all-flash arrays scoop 'Recommended' rating from DCIG
The DCIG guide has recognised Huawei’s OceanStor Dorado V6 and OceanStor F V5 series, which have both achieved ‘Recommended’ ratings. More