Russia’s attack on Ukraine has sparked a flurry of warnings about the rising threat from cyber warfare. There are fears that Russia could target those at the vanguard of the response to the invasion online. Speculation about Russia’s cybercrime abilities has led President Joe Biden to warn that he expects Moscow to consider retaliatory cyber-attacks against the US and its allies. Boris Johnson also separately announced that the UK stands “ready to protect our country from any threats including in cyberspace.”
Why is the threat level rising?
In response to the sanctions and indictments that have been imposed on Russia, critical infrastructure providers are being urged to raise cyber defences. Everything from financial institutions to communication providers and energy suppliers could become a target for sophisticated nation-state actors, and organisations have been put on a heightened state of alert.
Organisations are all too aware of the power threat actors hold to launch crippling attacks that disrupt everyday operations and steal vital intelligence. One of the most notable hacks since the conflict began occurred on the first day of the invasion and targeted satellite communications. The unidentified hackers knocked tens of thousands of people offline – not only in Ukraine but across Europe. Thousands, from Poland to France, were still without internet connection over a month after the assault, demonstrating the disruptive impact that successful attacks can have.
There has also been a pattern of cyber strikes on Ukraine and there are concerns that new forms of malware could quickly spread across borders. In the days before the invasion, Ukraine experienced a series of cyber-attacks, with the websites of the country’s foreign ministry, Cabinet, and Parliament all falling victim to hackers. HermeticWiper, a wiper malware that can delete data from an infected computer’s hard drive, was also employed against Ukrainian organisations.
No business too big, or too small
Historically, it’s been believed that larger firms are more at risk from nation-state actors. However, the increasing homogeneity of digital systems and supply chains means every business is a target. Large enterprises and mid-sized organisations often process valuable information and supply critical services, which makes them viable targets.
In fact, a recent National Cyber Security Centre (NCSC) report noted a marked shift away from so-called ‘big game hunting’, in which criminals target the organisations and departments with the biggest pockets. Instead, they’re now targeting the mid-market, believing smaller organisations make for easier targets. The attacks are indiscriminate. Education is one of the top UK sectors targeted by ransomware actors, but the NCSC has also seen attacks targeting businesses, charities, the legal profession, and public services in the local government and health sectors.
Don’t forget the mid-market!
As enterprises scramble to ensure they have adequate cyber defences and review cyber readiness plans, the mid-market cannot be forgotten. Our own research of 200 mid-sized businesses reveals that the vast majority (69%) are facing an onslaught of cyber alerts every day but typically have three people or fewer in their team looking after cyber security. Nearly half (44%) admit their current cyber posture either needs development or is not at all future ready.
For mid-sized organisations, the focus needs to be on operating at the same speed as attackers to stop threats by:
- Removing the human factor – introducing cloud security platforms that can perform routine tasks so security operations can spend more time investigating and protecting against genuine security threats
- Ensuring you have round-the-clock protection – autonomous processes and systems can offer 24/7 protection and respond to unknown threats at any time of day or night
- Covering your blind spot – verify the identity of everyone accessing corporate systems and resources, keeping a close eye on the cloud to ensure good cyber hygiene
To find out how mid-market businesses can move from automation to autonomous security in response to rising threat levels, read our report: The UK Mid-market on Code Red.