Thu, Apr 7, 2022

Navigating a Heightened Cyber Threat Environment

Cyber risk has never been completely independent of world politics and international affairs, but in recent weeks, there has been a significant shift in alignment. The domain of physical war has closer ties to the digital sphere than ever before.

As part of efforts to manage elevated cyber risk, it is vital to understand the short-term impact and longer-term risk of current events, and where focus should be placed to achieve the best defense.

Short-Term Impact

Last year saw a record number of Common Vulnerabilities and Exposures (CVEs) in software used across many products and systems. Attackers know this too and will look to exploit them as part of their campaigns. This activity by cyber criminals is commonplace: for example, there was a 356% rise in CVEs or zero-day vulnerabilities being exploited for initial access in Q4 2021 compared to Q3 2021. Evaluating the latest threat intelligence is critical for prioritizing patching of known vulnerabilities.

Threat actors are likely to have similar motivations in times of war and peace. Disruption is a common theme, and financially motivated threat actors are likely to focus on business email compromise, ransomware attacks and extortion campaigns. It is wise to strengthen detection and response capabilities given the multitude of ways that systems can be compromised.

Critical infrastructure, such as power or water treatment plants and financial institutions, could have a higher likelihood of attack. Organizations in these industries will likely already have comprehensive threat monitoring technology and incident response plans. If they don’t, they should begin bolstering their defenses.

Longer-Term Risk

There has already been a persistent shift in dynamics among threat actors. The fluctuating pledges of allegiance among cybercriminal groups, as well as in-fighting and rising factions, are likely to continue as battle lines are drawn in both the physical and virtual worlds.

A further longer-term consequence could be an increase in new actor-controlled ransomware sites and new ransomware variants as groups reorganize, regroup and adapt. This is similar to what typically happens when cyber groups are disrupted by law enforcement. The unpredictable nature of cyber threats is one of the most important reasons to strengthen detection and response capabilities: you may not know what suspicious activity you’re looking for until you detect it, and you must be able to quickly respond when that happens.

How to Focus Your Cyber Defense Strategy

From a national defense standpoint, numerous government agencies have repeatedly warned the private sector to strengthen their cyber defenses. Consequently, many senior teams are understandably worried about the threat of cyberattacks.

While no one can guarantee their company won’t be compromised in a cyberattack, there are precautions organizations can take to reduce the risk and mitigate the impact of an attack. A strong foundation starts with the basics, and this is where boards, senior executives, and their security teams should be focusing.

Rather than asking security teams whether the company is vulnerable to attack or whether it could withstand one, the question should be whether the company has people with the skills, resources and bandwidth to make it as resilient as possible. Security teams will know where the vulnerabilities are and what needs to be done to plug the gaps, but they may need extra support to do so in the current threat climate.

Our advice to companies concerned about the current heightened threat environment is to trust your security teams to ensure basic security measures are done well and to identify areas of risk. Security teams may require assessments and testing to help them identify vulnerabilities, which is often best outsourced to an expert for independent verification. Beyond this, the current environment should encourage teams to revisit their incident response plans and, most importantly, to ensure that those plans remain readily available even if an incident occurs and systems are taken offline.

To read more on the essential controls that every organization should implement, see our 10 Essential Cyber Security Controls for Increased Resilience.
