As the threat of nation-state attacks grows, countries are increasingly implementing national cybersecurity protocols with the same significance attached to them as conventional national security strategies.
Global governments are taking advantage of cyber warfare advancements to consolidate dominance, and recorded examples of international attacks on governments are rising.
In light of this, Venafi, the cybersecurity company specialising in machine identity, embarked on a survey of IT professionals at RSA Conference 2020, and asked a simple question:Is the world in a permanent state of global warfare?
Of the 485 respondents, a resounding majority agreed: 88% said yes, with 90% concerned that digital infrastructure will suffer the most damage as a result.
“Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organisations,” said Venafi vice president of security strategy and threat intelligence Kevin Bocek.
“Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.
The results may not be so surprising when reflecting on recent news regarding cyber warfare.
Earlier this year, the US National Security Agency (NSA) reported a major cryptographic flaw in Microsoft Windows which prompted the Certified Information Systems Auditor (CISA) to issue a rare emergency directive.
In January, concerns arose after the US executed a drone strike which resulted in the death of Qassem Suleimani, an important figure high up in the Iranian government. Businesses were warned to prepare for retaliatory Iranian cyber warfare.
Venafi also reports the recent discovery that the Central Intelligence Agency (CIA) owned a cryptography software company, Crypto AG, whose services were used to obtain highly sensitive and classified data on foreign governments.
These developments were not lost on the surveyed IT professionals, with many voicing concerns that some industries, especially those undergoing digital transformation, were more vulnerable than others to cyber warfare.
Almost 60% of respondents say power, water, healthcare and transportation are equally vulnerable to a cyberattack that causes physical damage.
19% thought that power was most vulnerable, followed by healthcare (12%) and transportation and water (tied at 5%).
“The sophisticated cyberattacks that are the hallmark of nation-state attacks often target digital keys and certificates that serve as machine identities,” says Bocek.
“These critical security assets are often poorly protected and provide attackers with the ability to hide in encrypted traffic, pivot across networks and eavesdrop on sensitive data.
“Any organisation that isn't protecting machine identities at least as well as they protect usernames and password is at greater risk of becoming a victim of a cyberattack,” adds Bocek.
“And, unfortunately, these risks are unlikely to change in the near term because most organisations are just beginning to understand these risks.