The war in Ukraine has underlined the potential cybersecurity risks posed by a hostile foreign power, leading to widespread concern that major attacks could become a feature of the ongoing conflict.
Even before Russia began its invasion, governments were already seeking to improve the scope and effectiveness of their national cybersecurity strategies and the wider role of ‘cyber power’ on the world stage.
In the UK, for instance, the government published its revised UK National Cyber Strategy for 2022 late last year, whose objectives include ensuring the UK “continues to be a leading responsible and democratic cyber power.” Key priorities include boosting cyber-resilience and capitalizing on technological advantages.
Shortly afterwards, a further public statement, the Cyber Security Strategy: 2022 to 2030, centered on the need to ensure all UK public sector organizations are “resilient to known vulnerabilities and attack methodologies by 2030.”
While the emphasis on improvement is welcome, it presents some significant challenges, and as the document points out, “there remains a significant gap between where government cyber-resilience is now and where it needs to be. This gap is brought into sharp focus by the sheer volume of cyber-attacks that the government sector experiences, and the evolving capabilities and techniques of the broad range of malicious actors conducting them.”
In light of the conflict in Ukraine and the polarization in geopolitical policy, it’s clearly even more important that these efforts don’t operate in isolation and are founded on effective international cooperation. Indeed, this was already a feature of the relationship between UK and US intelligence and cybersecurity officials, who underlined their coordinated approach at bi-annual meetings between GCHQ, the NSA and the United States Cyber Command last December.
Prioritizing Technology Innovation
In practical terms, technology innovation will continue to play a pivotal role in the ability of organizations to remain secure. A case in point is the major risks posed by file-based security threats, which remain one of the most common methods used by cyber-criminals and nation-states to initiate attacks.
Research has revealed, for example, that nearly 50% of hackers attempting to spread malware deliver it almost exclusively through email, with a particular emphasis on Word and Excel file formats.
Part of the problem is the reactive nature of some of today’s most popular cybersecurity technologies, most notably in the case of sandboxing and antivirus solutions. The blind spots created by zero-day exploits are a particular concern, with victims unaware of their existence and potential impact for up to 30 days until these technologies are fully updated.
What’s more, nearly three-quarters of the malware found embedded within these files is of an unknown variant when it is received. As a result, systems and data are more vulnerable to attack – a fact well known to those looking to access or damage networks.
However, innovative technologies such as content disarm and reconstruction (CDR) solutions are giving organizations the ability to close these gaps in security. CDR works by cleaning and rebuilding each incoming file to match its ‘known good’ industry specification standard and, in the process, removes the threats posed by malware before they can be passed on to users.
CDR starts with inspection, which validates three layers of each file to establish whether it complies with its specification. Next comes remediation, where high-risk active content such as macros and embedded links is removed immediately. This step can be controlled according to organizational policy, so users who need to receive active content can still do so.
Finally, users are provided with a rebuilt, safe and identical file that is fully compliant and standardized. As a result, users can trust every file, and security teams can minimize the risk of malicious code hidden in incoming files infecting their networks.
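To make the inspect, remediate and rebuild steps concrete, here is a simplified CDR pipeline for OOXML files (the zip-based .docx/.docm/.xlsx formats the article singles out). This is an added illustration, not code from any CDR vendor or from the strategy documents quoted above. It assumes an interpretation of the "three layers" as container (a readable zip), structure (required package parts present) and content (every XML part well-formed); the `Policy` class, the constructed sample document and the `http://example.invalid` link are all hypothetical. Remediation drops the VBA project part and its content-type entries, and strips hyperlink relationships, unless policy allows them; the rebuild then writes a fresh archive containing only the parts that passed inspection.

```python
"""Simplified content disarm and reconstruction (CDR) for OOXML containers (added example)."""
import io
import zipfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Namespaces and relationship types from the OOXML / OPC specifications.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
HYPERLINK_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
VBA_REL = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


@dataclass
class Policy:                      # hypothetical: what active content the recipient may keep
    allow_macros: bool = False
    allow_external_links: bool = False


@dataclass
class Report:
    compliant: bool = True
    findings: List[str] = field(default_factory=list)
    removed_parts: List[str] = field(default_factory=list)
    removed_links: List[str] = field(default_factory=list)


def inspect(data: bytes, report: Report) -> Optional[zipfile.ZipFile]:
    """Layer 1: container is a readable zip. Layer 2: mandatory OPC parts exist.
    Layer 3: every XML/rels part parses. Findings mark the file non-compliant."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report.compliant = False
        report.findings.append("container: not a valid zip archive")
        return None
    names = zf.namelist()
    if "[Content_Types].xml" not in names or "_rels/.rels" not in names:
        report.compliant = False
        report.findings.append("structure: missing [Content_Types].xml or _rels/.rels")
    for name in names:
        if name.endswith((".xml", ".rels")):
            try:
                ET.fromstring(zf.read(name))
            except ET.ParseError:
                report.compliant = False
                report.findings.append(f"content: malformed XML in {name}")
    return zf


def serialize(root: ET.Element, default_ns: str) -> bytes:
    """Re-serialize a part with its own namespace as the default (no ns0: prefixes)."""
    ET.register_namespace("", default_ns)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def remediate_rels(xml_bytes: bytes, policy: Policy, report: Report) -> bytes:
    """Drop relationships that reach a VBA project or an external hyperlink."""
    root = ET.fromstring(xml_bytes)
    for rel in list(root):
        rtype = rel.get("Type", "")
        if rtype == VBA_REL and not policy.allow_macros:
            root.remove(rel)
        elif rtype == HYPERLINK_REL and not policy.allow_external_links:
            root.remove(rel)
            report.removed_links.append(rel.get("Target", ""))
    return serialize(root, REL_NS)


def remediate_content_types(xml_bytes: bytes, policy: Policy) -> bytes:
    """Remove the content-type entries that advertise a VBA project part."""
    root = ET.fromstring(xml_bytes)
    if not policy.allow_macros:
        for entry in list(root):
            if entry.get("ContentType") == VBA_CONTENT_TYPE:
                root.remove(entry)
    return serialize(root, CT_NS)


def rebuild(zf: zipfile.ZipFile, policy: Policy, report: Report) -> bytes:
    """Write a new archive from the inspected parts, applying remediation as we go.
    Simplification: parts other than rels/content types are copied verbatim after
    passing inspection; a full CDR would re-serialize every part to its spec."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in zf.namelist():
            part = zf.read(name)
            if name.endswith("vbaProject.bin") and not policy.allow_macros:
                report.removed_parts.append(name)
                continue
            if name.endswith(".rels"):
                part = remediate_rels(part, policy, report)
            elif name == "[Content_Types].xml":
                part = remediate_content_types(part, policy)
            dst.writestr(name, part)
    return out.getvalue()


def disarm(data: bytes, policy: Optional[Policy] = None) -> Tuple[Optional[bytes], Report]:
    """Inspect -> remediate -> rebuild. Non-compliant input is rejected, not repaired."""
    policy = policy or Policy()
    report = Report()
    zf = inspect(data, report)
    if zf is None or not report.compliant:
        return None, report
    return rebuild(zf, policy, report), report


def list_parts(data: bytes) -> List[str]:
    return zipfile.ZipFile(io.BytesIO(data)).namelist()


def read_part(data: bytes, name: str) -> bytes:
    return zipfile.ZipFile(io.BytesIO(data)).read(name)


def build_sample_docm() -> bytes:
    """Constructed sample (not a real document): macro-enabled file with one external link."""
    parts = {
        "[Content_Types].xml": (
            f'<Types xmlns="{CT_NS}">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            f'<Default Extension="bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
            "</Types>"),
        "_rels/.rels": (
            f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
            'Target="word/document.xml"/></Relationships>'),
        "word/document.xml": (
            '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            "<w:body><w:p><w:r><w:t>Hello</w:t></w:r></w:p></w:body></w:document>"),
        "word/_rels/document.xml.rels": (
            f'<Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId1" Type="{VBA_REL}" Target="vbaProject.bin"/>'
            f'<Relationship Id="rId2" Type="{HYPERLINK_REL}" Target="http://example.invalid/payload" TargetMode="External"/>'
            "</Relationships>"),
        "word/vbaProject.bin": "placeholder bytes standing in for a VBA project",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in parts.items():
            zf.writestr(name, text.encode("utf-8"))
    return buf.getvalue()


if __name__ == "__main__":
    clean, rep = disarm(build_sample_docm())
    print("compliant:", rep.compliant, "| removed parts:", rep.removed_parts,
          "| removed links:", rep.removed_links)
    print("rebuilt parts:", list_parts(clean))
```

The policy switch is the point of the remediation step: the same pipeline run with `Policy(allow_macros=True)` keeps the VBA project for a recipient entitled to receive it, while the default strips it. Rejecting rather than repairing a non-compliant container is a deliberate choice here; a production CDR that rebuilds every part to specification can afford to be more lenient at the inspection stage.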
In the current climate, there is significant potential that attacks could have a real-world impact on critical infrastructure, including utilities and other key public services. There is also a broader risk across sectors as diverse as finance, manufacturing, transportation and logistics. Organizations need to reduce their attack surface urgently, and just as governments are now on high alert, leaders must adopt the same approach. Technology innovation will remain a key component for building an effective defense in the weeks and months ahead.