The Russian invasion of Ukraine has brought even greater attention and awareness of the increased threat of cyber-attacks to those outside the cyber industry, says Neena Sharma, Senior Strategist, at the Swedish cyber firm Clavister.
Russian cyber-attacks have been common and have targeted high-security sites, while Europe saw a record-breaking DDoS attack. Alongside increasingly advanced cyber-attacks, political division around the world has seen companies unwilling to disclose their algorithms to governments due to privacy concerns. It is therefore clear to see that geopolitical tensions have ushered in a new era of cybersecurity.
This new era will be significant not only for businesses and governments, but also for individuals. In the third quarter of 2022, global cyber-attacks increased by 28% compared to the same period in 2021. The recent prominence of cyber-attacks in the media will rightly prompt urgent questions around how individuals’ data is used and accessed, as well as with whom it is shared.
The EU has perhaps the world’s most stringent and robust data privacy rules and regulations. Its General Data Protection Regulation (GDPR) is one of the toughest privacy laws imposed on organisations, and ensures companies have a clear understanding of how they can use consumer data. It also gives individuals full transparency over how their data is used and with whom it is shared. With the growing number of cyber threats in mind, all nations need to be increasingly stringent with their data privacy rules and look to collaborate with others wherever possible.
Why no data is safe
Cyber criminals are continuously trying to gain access to any data they can, but, as an example, in recent weeks several Australian companies in particular have suffered some of the worst data hacks in the country’s history. The Optus hack targeted Australia’s second-largest telecommunications company and 10 million customers had their personal data stolen. Shortly after, Australian health insurer Medibank suffered a data breach in which hackers had access to the data of all its 3.9 million customers.
Cybersecurity experts believe that the hacks were due to the mishandling of APIs or, in the case of the Optus data breach, that hackers were able to gain access through the company’s firewall. This is an alarming trend which confirms that cyber criminals are now becoming much more switched on to vulnerabilities within a company’s or individual’s cybersecurity solutions. As a result, companies must invest more in adequate cybersecurity solutions.
Currently, only one in three businesses think they have sufficient coverage to secure their remote and hybrid workers. They often rely heavily on network security firewalls which, while part of a well-established, mature cyber security posture, many organisations haven’t been able to utilise as part of the advanced security features they offer. This is often because they either haven’t moved on from traditional firewalls to Next Generation Firewalls (NGFWs) or haven’t configured their NGFWs properly.
NGFWs provide enhanced protection against new and emerging cybersecurity threats. Without ensuring that their firewalls are regularly updated and adequately safeguarded, businesses are leaving their data out in the open for cyber criminals to access. Therefore, cyber criminals are not necessarily working harder to gain access to data, but smarter. These smarter, evolving hackers have led to a third of organisations making changes to their cybersecurity infrastructure.
The need for collaboration across nations
In May 2022, former UK PM Boris Johnson signed agreements with Sweden and Finland to reinforce the security of all three countries, signalling a major milestone in cross-border cybersecurity cooperation. Given the fractured geopolitical landscape and the myriad threats that have emerged from it, there is a growing need for collaboration between nations. By working together and sharing knowledge, nations ensure that cyber defences are continuously and iteratively improved, strengthened and implemented.
Particularly in times of conflict, senior government leaders and officials coming together can be the single most powerful act in protecting the general public. The ongoing war in Ukraine, and the cyber-attacks suffered in the country as a result, have only further intensified the need for cross-country collaboration. While countries around the world have helped Ukraine to manage data breaches, if collaboration had already been implemented, there would likely have been better protection of Ukrainian networks and data files. Collaboration across nations should be a preventative measure rather than a reactionary one.
The double-edged sword of digital transformation
The digital transformation that has taken place in recent years has transformed the way the world works. However, digital transformation has also opened up a world of new risks and challenges that businesses, countries and individuals need to be prepared for.
As more information is stored online and accessed through a variety of networks from employees working from home or overseas, the risk of cyber criminals accessing information through weak points in the network increases. Therefore, the risks and rewards of digital transformation must be carefully balanced to ensure that countries, businesses, and individuals are not opening themselves up to cyber-attacks as a consequence of their efforts to modernise their technology and networks.
The benefits of collective responsibility
The need for collaboration not only improves knowledge and implementation of cybersecurity across nations, but it also forms a sense of collective responsibility. For example, the European Union Agency for Cybersecurity (ENISA) ensures that there is an elevated level of cybersecurity understanding across the EU as well as promoting knowledge sharing and awareness. The sense of collective responsibility that is achieved through ENISA allows for strengthened trust across the EU to keep companies and individuals digitally secure. In its 2022 Threat Landscape report, ENISA confirmed that it expects to see more cyber operations driven by geopolitics in the near- to mid-term future, further highlighting the need of collaboration and collective responsibility as cyber-attacks continue to threaten global supply chains and much more.
Additionally, GDPR is imposed upon businesses and organisations that conduct activity with EU countries. This stringent regulation ensures that consumers’ data is protected and gives companies a distinct understanding of how they use the data they possess. There is a greater need for tougher laws globally to guarantee the privacy and security of all consumers.
Cyber security is an industry which has always had to adapt quickly as technology evolves. However, the past decade has seen technology progress at a rapid pace and cybersecurity experts have had to respond to advancements in technology in near real-time. As geopolitical tensions seem to be here to stay, the cybersecurity industry must work with governments and organisations to educate and raise awareness of cyberthreats, and ensure global safety in the face of emerging cyber-attacks.
