While cyber risk has not been completely independent of international politics and world affairs, there has been a significant shift in alignment in recent weeks. The digital sphere is closer to physical war than ever before.
As part of managing cyber risk, it is important to understand the short-term impacts and long-term risks of current events. It is also important to know where to place your focus in order to get the best defense.
Common Vulnerabilities and Exposures (CVEs), found in many software products and systems, reached a record high last year. Cybercriminals know this and will exploit it as part of their campaigns. This activity is commonplace: for example, there was a 356% rise in CVEs or zero-day vulnerabilities being exploited for initial access in Q4 2021 compared to Q3 2021. When patching known vulnerabilities, it is important to evaluate the most recent threat intelligence. In times of war or peace, threat actors are likely to have similar motivations. Disruption is a common theme. Threat actors who are motivated by financial gain will likely focus on ransomware attacks, email compromise and extortion campaigns. Given the many ways systems can be compromised, it is important to improve detection and response capabilities.
Critical infrastructure
There could be a greater chance of an attack on financial institutions and power or water treatment plants. These companies will likely already have robust threat monitoring technology and incident management plans. If they don’t, they should begin bolstering their defenses.
There has already been a shift in dynamics among threat actors. As battle lines in the virtual and real worlds are drawn, the fluctuating pledges of allegiance among cybercriminal groups, the in-fighting and the rise of new factions will likely continue.
Long-term consequences could include an increase in ransomware variants and actor-controlled ransomware websites, because groups reorganize and regroup to adapt. This is similar to what usually happens when cyber groups are disrupted. The unpredictable nature of cyber threats is one of the most important reasons to strengthen detection and response capabilities: you may not know what suspicious activity you’re looking for until you detect it, and you must be able to quickly respond when that happens.
How to Focus Your Cyber Defense Strategy
Many are good for national defense. Government agencies have warned repeatedly, and the private sector is encouraged to improve its cyber defenses. Many senior executives are therefore concerned about cyberattacks.
While no one can guarantee their company won’t be compromised in a cyberattack, there are precautions organizations can take to reduce the risk and mitigate the impact of an attack. A solid foundation starts with the basics. This is where boards, senior executives and their security teams need to focus.
Instead of asking security personnel if they are vulnerable to attack or can withstand an attack on the company, ask them if they have the resources, skills and bandwidth to make the company resilient. Security teams will be able to identify vulnerabilities and determine what needs to happen to fix them. However, they may need additional support to make it work in today’s threat environment.
We advise companies to trust their security teams in order to ensure that basic security measures are being taken and to identify areas at risk. Security teams may need testing and assessments to help identify vulnerabilities. It is best to have this done by an expert. The current environment should encourage security teams to review their incident response plans. It is important to ensure that they are available in case of an emergency.
Our 10 Essential Cyber Security Controls to Increase Resilience will provide more detail on the controls that every organization must implement.