{"id":8305,"date":"2022-05-27T12:00:00","date_gmt":"2022-05-27T09:00:00","guid":{"rendered":"https:\/\/blog.eset.ee\/et\/2022\/05\/27\/cybersecurity-a-global-problem-that-requires-a-global-answer\/"},"modified":"2022-05-27T12:00:00","modified_gmt":"2022-05-27T09:00:00","slug":"cybersecurity-a-global-problem-that-requires-a-global-answer","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2022\/05\/27\/cybersecurity-a-global-problem-that-requires-a-global-answer\/","title":{"rendered":"Cybersecurity: A global problem that requires a global answer"},"content":{"rendered":"

Governments around the world are concerned about growing risks of cyberattacks against their critical infrastructure. Recently, the cybersecurity agencies of the countries comprising the \u2018Five Eyes\u2019 alliance <\/span>warned of a possible rise in such attacks<\/span><\/a> \u201cas a response to the unprecedented economic costs imposed on Russia\u201d following the country\u2019s invasion of Ukraine.<\/span>
\n<\/span><\/p>\n

The advisory noted that \u201csome cybercrime groups have recently publicly pledged support for the Russian government\u201d, with the threat of such cyber-operations coming \u201cin retaliation for perceived cyber offensives against the Russian government or the Russian people\u201d.<\/span>
\n<\/span><\/p>\n

According to Andy Garth, ESET Government Affairs Lead, such activity is \u201ca global problem with state actors, and their proxies, with some states willing to provide safe havens in which criminal groups can operate with impunity\u201d. <\/span>
\n<\/span><\/p>\n

\u201cIn the case of the Ukraine conflict, some criminal groups are now engaging in cyberespionage allegedly at the behest of their Russian hosts. Indeed, it\u2019s also prudent to prepare for increased incidents of cybersabotage and disruption as cyberattacks are added to the retaliation toolbox and the risk of spillover increases,\u201d says Garth. There is also a heightened risk of unintended consequences as vigilante groups enter the fray on both sides.<\/span>
\n<\/span><\/p>\n

A new approach to cyber-resilience<\/span>
\n<\/span><\/h2>\n

Before the invasion, governments across the globe were already considering cybersecurity strategies to counter the ever-escalating cyberthreats from state actors and criminal groups. But the new risks perceived by governments since February are fueling a new urgency towards building cyber-resilience.<\/span>
\n<\/span><\/p>\n

On March 15<\/span>th<\/span>, US President Joe Biden <\/span>signed<\/span><\/a> the Strengthening American Cybersecurity Act of 2022, requiring companies dealing with critical infrastructure to report substantial cyberattacks to the Cybersecurity and Infrastructure Security Agency<\/a> (CISA) within 72 hours and all <\/span>ransomware payments<\/span><\/a> within one day. More than just a disclosure law, the new regulation is intended to change the perception of a cyberattack from a private company matter to a public threat. This legislation comes as part of a trend, following the <\/span>Colonial Pipeline attack<\/span><\/a> in May 2021 when President Biden <\/span>signaled<\/span><\/a> a new role for cybersecurity and asked for a whole-of-government approach to cyberthreats.<\/span>
\n<\/span><\/p>\n

Together with new powers, CISA is also set to have its budget next year increased to $2.5 billion, which is <\/span>an extra $486 million from the 2021 level<\/span><\/a>. On top of this, Biden\u2019s <\/span>infrastructure bill<\/span><\/a> allocates $2 billion to cybersecurity, of which $1 billion is allocated towards improving the cybersecurity and resilience of critical infrastructure.<\/span>
\n<\/span><\/p>\n

In parallel, the European Union has followed a similar path with several new directives and regulations and additional funding aimed especially at enhancing the EU\u2019s cyber-resilience and the role of EU institutions, as well as facilitating greater cooperation between member state bodies. On the operational level, in response to Russia\u2019s invasion, for the first time the EU deployed the <\/span>Cyber Rapid Response Team<\/span><\/a> to assist Ukraine with mitigating cyberthreats. <\/span><\/p>\n

\"\"<\/a><\/p>\n

The EU-proposed <\/span>NIS2 Directive<\/span><\/a> aims to strengthen security requirements, address the security of supply chains, and streamline reporting obligations. NIS2 also significantly broadens the scope of critical entities falling under mandatory high level security requirements. Sectors such as health, R&D, manufacturing, space or \u201cdigital infrastructure\u201d including cloud computing services or public electronic communication networks will now require stronger cyber-resilience policies. Similarly, the EU Commission is proposing new legislation to focus on the financial sector with the <\/span>Digital Operational Resilience Act <\/span><\/a>(DORA) <\/span>and<\/span> IoT devices with the Cyber Resilience Act, which will be presented after the summer.<\/span>
\n<\/span><\/p>\n

The need for sharing intelligence and closer cooperation in threat detection is also the underpinning objective of the proposed <\/span>EU Joint Cyber Unit<\/span><\/a>, which aims to protect the EU critical infrastructure against cyberattacks. <\/span>While its<\/span> exact role and structure are still being decided, it <\/span>is expected to<\/span> have an operational character <\/span>that <\/span>ensure<\/span>s<\/span> a better exchange of intelligence on cybersecurity threats among the Member States, the European Commission, ENISA, CERT-EU, and the private sector. <\/span>
\n<\/span><\/p>\n

The Commission also proposed new regulations to strengthen CERT-EU, converting the structure into the \u201cCybersecurity Center\u201d, with the aim of strengthening the security postures of EU institutions.<\/span>
\n<\/span><\/p>\n

Garth points out that these efforts are a \u201crecognition within governments (and EU institutions) of the scale of the challenge in protecting nation-state digital assets against growing and evolving cyberthreats\u201d. He highlights the need for a \u201cwhole-of-society approach and partnerships with the private sector at its heart\u201d, \u201cno government can address these threats alone.\u201d citing the <\/span>UK\u2019s National Cyber Strategy 2022<\/span><\/a> where this kind of collaboration can be seen in areas such as education, building resilience, testing, and incident response.<\/span>
\n<\/span><\/p>\n

But what risks do governments face?<\/span>
\n<\/span><\/h2>\n

Governments have a unique characteristic: they store all the data concerning their activity as well as their citizens\u2019 data. Therefore, they are a most desirable target. This common threat to states is led at the United Nations level to agree \u201coff limits\u201d areas where cyberoperations should not be conducted, such as healthcare systems. The reality has diverged from this, with an ongoing cybercontest between the major powers and [non-binding] agreements at <\/span>UN<\/span><\/a> level being <\/span>ignored<\/span><\/a>.<\/span>
\n<\/span><\/p>\n

These contests <\/span>play out in the \u2018gray zone\u2019<\/span><\/a> where states can engage each other under the premise of plausible deniability and a constant cat-and-mouse game in the sphere of cyberespionage including stealing of information and attacks on critical infrastructure, sometimes causing real world disruption to <\/span>entire countries<\/span><\/a>. Recent cases such as the use of Pegasus spyware illustrate that eavesdropping is alive and well even among friendly states. As Garth says, \u201csnooping has been around a long time … as many intelligence practitioners are likely to agree, it can provide useful intelligence with modest risk as long as you don\u2019t get caught.\u201d<\/span>
\n<\/span><\/p>\n

<\/p>\n

RELATED READING: Cyber\u2011readiness in the face of an escalated gray zone conflict<\/a>\n<\/p>\n

<\/span><\/p>\n

Likewise, targeted <\/span>ransomware attacks are a growing concern<\/span><\/a> \u2013 not only to obtain the largest payout, but to maximize the value of stolen data on well-established criminal <\/span>marketplace<\/span><\/a> platforms<\/span>
\n<\/span><\/p>\n

Attacks<\/span><\/a> against supply chains can endanger not just government agencies or a specific institution, but critical sectors of a country\u2019s economy. The widespread impact of attacks like <\/span>the one against Kaseya<\/span><\/a> make it harder for governments to react, creating truly disruptive consequences for both businesses and citizens. But as some states are content to risk indiscriminate disruption and damage, others launch focused attacks targeting specific industrial units and systems with the aim of knocking out parts of a nation\u2019s critical infrastructure.<\/span>
\n<\/span><\/p>\n

Getting everyone to work together is the real challenge<\/span>
\n<\/span><\/h2>\n

Governments don\u2019t have an easy job, maintaining legacy systems, tackling skills shortage, building cyberawareness in the workplace, managing an expanding attack surface area, integrating new technologies, and facing down sophisticated attacks. Preparedness takes time and there is need to adopt a <\/span>zero trust approach<\/span><\/a>, understanding that attacks will happen and must be mitigated where they cannot be avoided. <\/span>
\n<\/span><\/p>\n

This is hard to apply the typically multi-layered infrastructure of government offices. Despite their size, it is often easier to protect the systems of centralized authorities but dealing with the immense number of local and devolved offices turns this into an almost impossible mission. Despite gradually increasing funding, there are too few cybersecurity professionals, making it much harder to defend against the evolving threats.<\/span>
\n<\/span><\/p>\n

Citizens are increasingly aware of cyberthreats, often due to high profile and frequent reports in the media; keeping the spotlight on the problem, funding awareness programs \u2014 particularly those aimed at the less tech-savvy and the vulnerable \u2014 is critical to success. Even so, humans making mistakes continues to be the major entry point for cybercriminals, which is why taking advantage of developments in machine learning and artificial intelligence is now essential, typically deployed in products and services like EDR and real-time threat intelligence.<\/span>
\n<\/span><\/p>\n

A common problem requires joint action<\/span>
\n<\/span><\/h2>\n

Synergies between the public and private sector come as a much-needed reaction to the growing threat presented by cyberattacks. The Ukraine crisis and previous work done to protect Ukrainian critical infrastructure is an important example of what can be <\/span>achieved<\/span><\/a>. <\/span>
\n<\/span><\/p>\n

In parallel, Garth suggests involving organizations such as the UN, OECD and groups like the G7, G20 dynamically, so that \u201cthe international community shines a spotlight on state cyberactivity, calling out and taking action where necessary against those that ignore established norms and cracking down on criminal groups and their ability to monetize their criminal endeavors … but also works together to enhance cyber-resilience across the globe, including in developing countries\u201d.<\/span>
\n<\/span>
\n<\/span><\/p>\n

Read the full analysis on WeLiveSecurity \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

New and exacerbated cyber-risks following Russia\u2019s invasion of Ukraine are fueling a new urgency towards enhancing resilience<\/p>\n","protected":false},"author":5,"featured_media":8306,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2879],"tags":[],"class_list":["post-8305","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-security"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=8305"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8305\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/8306"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=8305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=8305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=8305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}