Russian-Ukrainian conflict, should we be more worried about cyber attacks?
What should organizations expect in terms of cyber attacks in the current Russian-Ukrainian conflict? Is it too late to be safe?
Hackers are more and more involved in today’s real-world conflicts. When we open the newspaper in the morning, or more often a social network, we read headlines, news and posts about the latest cyber attack and how it influenced the world again.
Hackers have been around for decades, but because electronics and the internet are now such a big part of our lives, and because they get a lot of press coverage, hackers have attained a status closer and closer to that of rock stars.
It’s still hard to imagine hacker groupies hanging around outside offices, but who knows about the future? Today hackers are “heroes without a cape” or “criminals”, depending on the side they decided to take, or on the side of the people judging them.
Hackers are nothing new to politics and world events.
In 1990, cDc claimed to have worked with a group of Chinese dissidents with the goal of disrupting the computer network of the People’s Republic of China. The goal? To allow citizens to access censored content online. Even if this story was made up by the group as a distraction during the extraction of several Chinese pro-democracy activists, it clearly shows how much weight hackers can carry.
Dating back to 1999, it is probably the first coalition of hackers, born to fight against the governments of China and Iraq. And then we get to today.
Looking at the world over the past 3400 years, humans have been entirely at peace for 268 of them, around 8%. War is not something unusual for humans; we could even say that humans are usually at war. In 2022 there are 20 wars going on.
What is cyber warfare?
It is usually defined as a cyber attack, or a series of attacks, that targets a country and has the potential to disrupt infrastructure, medical and critical systems, causing damage and often even loss of life. Cyber warfare always involves a nation-state cyber attack on another nation, sometimes carried out by a terrorist organization or by hackers sponsored by the country that is starting an aggression.
In 2020, cyber attacks were rated the fifth top risk, and they have become the new norm for both private and public companies. According to Embroker, IoT cyber attacks alone are expected to double by 2025.
Cybersecurity is at position number 7, the first of the technical risks.
The World Economic Forum notes that there is a 19.5% chance that cybersecurity failures will become a critical threat to the world in the next 0 to 2 years, and a 14.6% chance in 2 to 5 years. Ransomware attacks increased in 2020 by 435%, and 95% of cybersecurity issues are traced to human error.
In 2015, the cost of cybercrime for companies was around 3 trillion dollars. In 2025 it is expected to be three times more. According to Accenture, around 43% of cyber attacks aim at small businesses, but only 14% of those businesses are in any way ready to face the challenge. According to IBM, it takes a company 197 days on average to discover a breach and 69 more days to contain it.
So, should we be more worried about cyber attacks due to the current political situation?
The answer, which is not an easy one, is probably a “yes, but”. Yes, we should be more worried, but not (only or mainly) because of the political situation. In recent years we have witnessed a continuous increase in the number, sophistication and impact of cyber attacks.
The real question could be: should we be more worried about cyber attacks due to the current political situation because we haven’t done anything significant to improve our cybersecurity posture in recent years?
“Something significant” is the key. Did we do anything? Yes? We can be worried, but ready to face the challenge. No? We should be worried, not because a military confrontation is going on, but because we didn’t take any action to get ready to face a threat that is in the top 10 of the WEF risks.
Could our critical infrastructure get hit by hackers? What if the power grid gets shut down? Is there a magic button I can press to make everything alright? Will everything go well? No, it will not go well if we are not ready.
And no, it’s not too late. It’s never too late.
Antoine de Saint-Exupéry wrote, long before any of this, that “Time for action is now. It’s never too late to do something”. Yesterday was the time for action, but so is today, because there is a threat ready to hit all of us.
It has become very clear in recent years and months that what we call the traditional approach is not working. Opinions aside, let’s focus on the numbers. As we can see, in the last ten years the number of cyber attacks has increased dramatically. Every company owns a firewall or, better, a UTM, which was marketed in the past as the solution to all evils. Most companies have monitoring software and services for visibility, which was the mantra no more than three years ago. Was it useful? Yes, of course. Would there have been more incidents without it? Yes, of course.
Was it enough? According to the financial department, probably yes. Until they received that email: it was the start of a BEC attack, and they lost three hundred thousand euros, which were transferred to the new company account because “we have a problem with the old bank”. Or until a cybercriminal stopped production for one week because the PLCs we bought were very cool, but nobody cared about testing the software that was running on them.
It was not enough. And it’s not too late.
What we can learn from experience is that learning from attackers’ behavior is the best way to counter them.
Luckily, in the last few years, companies have discovered that offensive security services are fundamental for finding their vulnerabilities and fixing them. The only limitation of these simulations is that they are carried out in a specific time frame and capture a picture of the situation at that specific moment.
These assessments are fundamental and have strong value, but they cannot cover what happens between one test and the next.
The solution is to implement continuous assessments alongside the quarterly or half-yearly ones. Every day, developers modify and add code to the application. Every day there is a new update coming out. It’s obvious that every day we can be exposed to new risks that will not be discovered until the next assessment, in a few weeks or maybe even months.
Today there are PenTest and Vulnerability Assessment services performed with Bug Security Bounty programs on a continuous cycle by Ethical Hacker Communities such as WhiteJar.
It’s not too late.
What we can take from the current situation is that everything that is happening can increase the threat level we have to face, but what matters most is to be ready for the next challenges, which we do not yet know.