A third of IT and security professionals globally say they are either indifferent or indifferent to the impact of cyber warfare on their organizations as a whole, according to a survey of more than 6,000 people in 14 countries .

Security firm Armis commissioned the study, published today, with the aim of assessing cyber warfare readiness as Ukraine’s first Hybrid War has been unfolding for nearly a year and cyber spies nation states make the headlines almost daily.

The survey asked 6,021 respondents if they were confident their organization – and their government – ​​could defend themselves against cyber warfare.

“The answer is clearly no,” the report said.

In an interview with The registerArmis Vice President Chris Dobrec said the finding that 33% of respondents are not too concerned about cyber warfare surprised him.

“Given the focus on cybersecurity over the past decade, where it has gone from data theft to industrial espionage to full-out extortion with ransomware,” he said. “And clearly, the situation in Ukraine has increased awareness. The geopolitical situation, from my point of view, on the one hand, has increased awareness. But I was surprised that a third of the respondents still don’t feel prepared.”

The incongruity rings true. Cybersecurity and cyber-preparedness for organizations took center stage in Davos during last week’s World Economic Forum. During the annual meeting, the WEF published its Global Cybersecurity Outlook 2023 [PDF]which revealed that 91% of respondents think a catastrophic cyberattack is at least somewhat likely within the next two years.

However, respondents also cite a number of challenges, including the difficulty of retaining qualified staff in a competitive market and ever-changing technologies and regulations, which leave them ill-equipped to respond.

Similarly, a report by the US General Accountability Office [PDF] published last week revealed that federal computer systems and critical infrastructure face serious cyber risks that could harm human safety, national security, the environment and the economy.

“We have made 335 public recommendations in this area since 2010,” the GAO said. “Almost 60% of these recommendations had not been implemented by December 2022.”

Nearly half of organizations have experienced an “act of cyber warfare”

The Armis report echoes similar concerns. About 64% of respondents agree that the war in Ukraine has increased the threat of cyber warfare. Additionally, 54% of people who said they were the sole IT and security decision maker in their organization said they saw more threat activity on their network between May and October 2022 compared to the previous six months.

Additionally, 45% said they had to report an act of cyber warfare to the authorities.

But while almost a quarter (24%) of global organizations say they feel unprepared to deal with the threat of cyber warfare, the lowest-ranked “security element” is preventing an attack on a nation state, with only 22% considering it their top priority.

To be fair: many of the top priorities for IT and security professionals could go under the rubric of things to protect against nation-state attackers or indicators of a nation-state attack. Data protection tops the list with 60% choosing it as their #1 priority.

The others are: Intrusion detection (43%), Vulnerability management (39%), Threat visibility (38%), Incident response (35%), Risk assessment of IoT connected devices and OT (34 percent), preventing supply chain attacks (29 percent), machine monitoring (24 percent) and finally preventing an attack on a nation state – coming in at number 10.

“I guess there hasn’t been a strong enough correlation in the minds of security officials that many of the criminal organizations behind the ransomware attacks are largely sponsored by nation states” , said Dobrec. “So I hope that this type of data released to the market will increase the awareness that you need to think not only about cyber actors when thinking about the economy, but also about the nation states behind them.”

Looking ahead, Dobrec said operators and owners of critical infrastructure, followed by the transportation and logistics industries “should be on high alert” for attacks by nation states or cyber warfare, as these “could have devastating consequences from the point of view of human life”.

As the cyber warfare element of the war on Ukraine has shown the rest of the world, the threat landscape is larger than it was before.

“We used to put all of our energy just into the IT side of the house,” Dobrec said. But now we see [cyberattacks against] OT systems, healthcare systems, IoT, industrial control systems. The most important thing it helps us do is expand our openness.” ®

Source link

Leave A Reply