“There isn’t a single part of cybersecurity that hasn’t seen wide-scale disruption over the last few years,” said Ian Monteiro, Executive Director of events management firm Image Engine, which runs the annual cybersecurity conference and exhibition, GovWare. Monteiro was opening GovWare 2022, which took place from 18 to 20 October this year against a backdrop of the Russia-Ukraine War and mounting cyber threats worldwide.
“It’s within this huge seismic turn of events that GovWare comes back,” Monteiro continued, highlighting the theme of this year’s event: ‘Fostering a Safe and Sustainable Cyberspace Amidst Disruption’.
Over three days, cybersecurity leaders and policymakers gathered at the Sands Expo Convention Centre in Singapore to uncover threats plaguing nations today, forge closer collaborations to address these threats, and discover the gaps that have yet to be addressed.
Cyber threats today
“We’re just seeing more of everything,” said Kevin Mandia, Chief Executive Officer of cybersecurity provider Mandiant, when speaking about intrusions and threats detected in cyberspace.
Four key trends define the cyber landscape of today, according to Bryan Palma, CEO of threat detection and prevention provider Trellix. Palma delivered a keynote on the first day of GovWare.
The first is the rise of nation states attacking profitable companies, he said. The trend first started with the SunBurst incident back in 2020, which saw allegedly Russian-backed hackers attacking one of IT management provider SolarWinds’ monitoring software. The malicious code was downloaded by about 18,000 entities, and ended up affecting over 100 organisations, including key US government agencies like the Department of Homeland Security and the National Treasury.
This is critical as “no private corporation really has a chance against nation states”, Palma highlighted.
Next, Palma observed increased attention surrounding expanding attack surfaces. This was catalysed by the Covid-19 pandemic, which saw workers around the globe embracing remote or hybrid working arrangements. “The corporate perimeter has basically disintegrated, which presents some new challenges,” Palma said. One of which is the rise in the mobile vector as an attack surface, as exemplified by emerging threats like smishing – where phishing attacks are carried out via mobile text messaging.
IT environments are also becoming increasingly complex. Beyond just on-premise security, organisations today also need to worry about the private cloud, public cloud, as well as hybrid cloud environments – all of which bring with them new attack surfaces, said Palma.
Alongside increased attack surfaces comes mounting cyber threats around the world, with ransomware being one of the most prominent ones. This could be the result of more widespread use of anonymous or digital currencies, Mandia added.
Finally, there is the concern about people. Palma shared that in his interactions with CISOs, many of them are most concerned about insider threats in the organisation, whether malicious or accidental. His concerns are not unfounded – over 80 per cent of data breaches recorded involved human error, misuse, or were an intentional attack, according to a data breach report by telecommunications firm Verizon.
Talent shortage too continues to pose a problem, leading to overwhelmed security teams. Palma cited a survey conducted by Trellix where they surveyed 9,000 global security professionals; 62 per cent of these individuals reported finding it difficult to retain talent.
“It’s something we have to solve because we’re burning our people out, and we don’t have enough of them,” he said.
Lessons from the Russia-Ukraine War
In addressing the rise of nation state attacks, expanding attack surfaces and mounting cyber threats, there are lessons to be gleaned from the ongoing Russia-Ukraine War.
Cyber risk continues to be top of mind during the war, but “we haven’t seen anything new or novel on the ground in Ukraine”, Mandia said. The cyber attacks observed thus far are all methods of attacks that have been around for some time, he explained. It is in light of this that he underscored the need for countries to adopt proper preparation.
“If you know the invasion is coming into your nation and you believe the cyber domain will get aggressive, you can prepare and adequately assemble defences that will be good enough for you to operate through the conflict,” he said.
Mandia emphasised the need for constant vigilance for countries beyond those directly impacted. “Everybody needs to be thinking that the cyber conflict in Ukraine bleeds out or propagates more globally,” he said. Already, the impact of cyber attacks on Ukraine is felt throughout Europe.
GovInsider had previously spoken to Vincent de Crayencour, Chief Business Development and Strategy Officer at non-governmental organisation CyberPeace Institute, who highlighted a cyberattack that occurred on the day of Russia’s military invasion of Ukraine. The attack had disrupted internet access for thousands of users across Europe, he shared.
In response, nations need to be on guard and ensure that they have the security infrastructure in place to prevent these threats, or at the very least mitigate their impact, Mandia said. For example, this can include having IT monitoring software in place such that organisations know immediately if a vulnerability is present in their IT environment, and are able to fix it quickly.
Another way nations can be on guard is through purple teaming, Mandia suggested. This involves having cybersecurity professionals simulate a cyber attack, with some playing the aggressor and others the defender. By simulating attacks that an organisation is most worried about, they are then able to understand if there are any security gaps that need to be plugged, he explained.
Additionally, Mandia observed that intelligence sharing on cyber threats is now better than ever before. “Ukraine integrated threat intelligence from the private sector and from government agencies around the world so they can better protect their networks and their infrastructure,” he explained. The world has since learned from their example, he added.
How trade addresses the people problem
Meanwhile, cyber trade may be a solution to the continued problem of a shortage in cyber capacity, according to Juliette Wilcox CMG, Juliette Wilcox, Cyber Security Ambassador for UK Defence and Security Exports, Department for International Trade in the United Kingdom.
“We know the demand for cybersecurity is greater than the supply,” Wilcox said. But therein lies the opportunities. In the United Kingdom, cyber experts grew from 3.96 billion pounds in 2019 to 4.23 billion pounds by 2020, according to the UK government’s website. And when the cybersecurity industry grows as a whole, so does its ability to attract talent.
Companies who are exporters of cybersecurity products generally report higher growth of sales, jobs, and pay, said Wilcox. Investing in the growth of the industry will therefore create a virtuous cycle – as the ecosystem is strengthened, demand for skilled workers increases, leading to a rise in hiring, which fuels more exports.
“And by exporting expert products and services, we can ensure our partners and allies are protected as well,” Wilcox added, explaining how trade can help the cyber industry grow not just in the United Kingdom, but internationally as well.
Nevertheless, Wilcox acknowledged that more remains to be done. For instance, she highlighted the need for skills obtained by cybersecurity professionals, whether in university or otherwise, to be recognised internationally. “[There needs to be] an understood equivalence to ensure that people and their knowledge can be understood and accepted globally,” she explained.
To this point, accreditation may be the solution, according to Rowland Johnson, President of non-profit CREST International. CREST, for instance, assesses cybersecurity professionals on their skills and competencies based on their ability to deliver a service even when hiccups occur, Johnson told GovInsider in an interview ahead of GovWare.
Cybersecurity may have come a long way since it was first established, but recent turmoil has revealed that it will always be a work in progress, especially as new threats such as quantum computing arise. As Palma said during the conference: “I think of cybersecurity as a young adult, we’ve made it out of our teenage years, but we’re by no means by no means a full grown and mature adult.”
Editor’s Note: A previous version of the article stated that over 18,000 organisations were affected by the SunBurst attack. The number has since been revised for accuracy.