The war in Ukraine has underscored the potential cybersecurity risks posed by a hostile foreign power, raising widespread concern that major attacks could become a feature of the ongoing conflict.
Even before Russia began its invasion, governments were already seeking to improve the scope and effectiveness of their national cybersecurity strategies and the broader role of ‘cyber power’ on the world stage.
In the UK, for example, the government published its revised UK National Cyber Strategy for 2022 late last year, the goals of which include ensuring the UK “remains a responsible and leading democratic cyber power”. Key priorities include driving cyber resilience and capitalizing on technology advantages.
Shortly afterwards, this was followed by another publication, the Cyber Security Strategy: 2022 to 2030, centered on the need to ensure that all UK public sector organizations are “resilient to known vulnerabilities and attack methodologies by 2030”.
While the emphasis on improvement is welcome, it does present some significant challenges, and as the paper notes, “a significant gap remains between where government cyber resilience is now and where it needs to be. This gap is clearly highlighted by the sheer volume of cyberattacks the government sector experiences and the evolving capabilities and techniques of the wide range of malicious actors who carry them out.”
In light of the conflict in Ukraine and the polarization of geopolitics, it is even more important that these efforts do not operate in isolation and are built on effective international cooperation. Indeed, this was already a feature of the relationship between UK and US cyber security and intelligence officials, who underlined their coordinated approach at bi-annual meetings between GCHQ, the NSA and US Cyber Command in the United States last December.
Prioritize technological innovation
In practical terms, technological innovation will continue to play a critical role in organizations’ ability to remain secure. One example is the major risk posed by file-based threats, which remain one of the most common methods used by cybercriminals and nation-states to launch attacks.
Research has revealed, for example, that almost 50% of hackers attempting to spread malware deliver it almost exclusively via email, with a particular emphasis on Word and Excel file formats.
Part of the problem is the reactive nature of some of today’s most popular cybersecurity technologies, especially antivirus and sandboxing solutions. Blind spots created by zero-day vulnerabilities are of particular concern, as victims are unaware of their existence and potential impact for up to 30 days until these technologies are fully updated.
Moreover, almost three quarters of the malware found embedded in these files is of an unknown variant when received. As a result, systems and data are more vulnerable to attack, a fact well known to those seeking to access or damage networks.
However, innovative technologies such as Content Disarm and Reconstruction (CDR) solutions give organizations the ability to close these security gaps. CDR works by cleaning and rebuilding every incoming file to match the file format’s published industry specification, and in the process removes the threats posed by malware before the file can be passed on to users.
CDR begins with inspection, a three-layer validation of each file to determine whether it complies with its format specification. Next comes remediation, where high-risk active content such as macros and embedded links is removed immediately. This step is governed by the organization’s policy, so users who genuinely need to receive active content can still do so.
Ultimately, users receive a secure, reconstructed file that looks the same as the original and is fully compliant and standardized. As a result, users can trust every file, and security teams can minimize the risk of malicious code hidden in files infecting their networks.
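As an added illustration of the inspect, remediate and rebuild sequence described above (example code written for this article, not any vendor’s CDR engine), the Python below applies a constructed policy to a Word OOXML container: it checks that the mandatory parts are present, strips VBA macro parts together with the XML relationships that point at them or at external targets, and writes the retained parts into a fresh zip. The sample document, the policy, the placeholder VBA bytes and the example.invalid hyperlink are all constructed for the demo; the allow_macros switch stands in for the policy control the text mentions.

```python
import io
import re
import zipfile

# Constructed policy for this example: VBA parts are dropped and every XML reference to
# them or to an external target (hyperlinks, remote templates, OLE links) is cut.
MACRO_PART = re.compile(r"^word/vba(Project\.bin|Data\.xml)$")
REF_ELEMENT = re.compile(r"<(?:Relationship|Override)\b[^>]*/>")

def disarm_docx(data: bytes, allow_macros: bool = False):
    """Inspect, remediate and rebuild a .docx/.docm; returns (clean_bytes, removed)."""
    src = zipfile.ZipFile(io.BytesIO(data))  # raises BadZipFile if not a zip container
    names = src.namelist()  # Inspection: mandatory parts present, entry names sane
    if "[Content_Types].xml" not in names or "word/document.xml" not in names:
        raise ValueError("mandatory OOXML parts missing")
    if any(n.startswith("/") or ".." in n.split("/") for n in names):
        raise ValueError("unsafe zip entry name")
    dropped = set() if allow_macros else {n for n in names if MACRO_PART.match(n)}
    removed = sorted(dropped)
    def scrub(name, m):  # decide the fate of one <Relationship/> or <Override/> element
        el = m.group(0)
        tgt = (re.search(r'(?:Target|PartName)="([^"]*)"', el) or [None, ""])[1]
        hit = ('TargetMode="External"' in el or tgt.lstrip("/") in dropped
               or (not allow_macros and "relationships/vbaProject" in el))
        if hit:
            removed.append(f"{name} -> {tgt}")
        return "" if hit else el
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in [n for n in names if n not in dropped]:
            body = src.read(name)
            if name.endswith(".rels") or name == "[Content_Types].xml":
                # Remediation: cut external and macro references out of the XML.
                body = REF_ELEMENT.sub(lambda m: scrub(name, m), body.decode()).encode()
            dst.writestr(name, body)  # Reconstruction: fresh entry in a fresh container
    return out.getvalue(), removed

def build_sample_docm() -> bytes:
    """Constructed demo input: placeholder VBA plus an external hyperlink (not real malware)."""
    rels = ('<Relationships>'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="http://example.invalid/x" TargetMode="External"/>'
            '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<Types><Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')
        z.writestr("word/document.xml", "<w:document><w:body><w:p>quarterly report</w:p></w:body></w:document>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE stream")
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()
```

Running disarm_docx a second time over its own output returns an empty removal list, which is the property a CDR pipeline should have: the rebuilt file contains nothing left for the policy to act on.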
In the current climate, there is significant potential that attacks could have a real impact on critical infrastructure, including utilities and other key public services. There is also broader risk in sectors as diverse as finance, manufacturing, transportation and logistics. Organizations urgently need to reduce their attack surface, and just as governments are now on high alert, leaders must take the same approach. Technological innovation will continue to be a key component to building an effective defense in the coming weeks and months.