Cybersecurity is the set of practices, processes and techniques undertaken to protect information systems and data from attacks against their availability, integrity or confidentiality. It encompasses technical aspects (information technology security) and social ones (human security). Effective cybersecurity is holistic and accounts for all components of an organisation's security, from network security and encryption to physical security and social engineering.
Cybersecurity measures often come as a multi-layered system aimed at reducing the ability of hostile actors to penetrate networks and devices. It relies on highly qualified personnel specialised in management, offence, defence, threat intelligence or forensic analysis. In addition, it leverages norms established by national or international organisations such as NIST in the US or ENISA in the EU.
Why is cybersecurity important?
Our societies, organisations and economies are now highly integrated with and dependent on computer systems. Power plants, hospitals, small businesses, cell towers and planes – to name a few - all rely on some form of information technology. As a result, they are all vulnerable to intrusion and disruption.
In 2017, state-sponsored hackers comprised software widely used by accounting firms in Ukraine. The NotPetya malware, as it was later named, was designed to erase data. It quickly spread all over the world.
Among many others, it affected hospitals, electricity providers, transport and logistics companies on all continents, as well as the Chernobyl radiation monitoring system. Overall, it is estimated that the attack cost billions of dollars.
Today's Russian military invasion in Ukraine has cyber and information-warfare components that present key cyber risks for organisations worldwide. Global businesses should continue to prepare for possible cyber retaliation and focus on improving their cyber defence posture by investing in and maintaining foundational security tactics: MFA, patching known exploited vulnerabilities, working on ransomware recovery tabletop exercises, etc.
What are cybersecurity threat actors?
Threat actors can be criminal (profits motives), hacktivists (political and ideological motives), or governmental (geopolitical or profits motives). Because hacking groups are diverse and their relationships with governments can vary, cybersecurity firms have created naming schemes for Advanced Persistent Threat (APT) actors. APT groups are often sponsored or directed by a state, but the nature of that relationship can vary greatly from a formal government agency to a mercenary group selling its services to states.
In recent years, threat actors have shifted their focus towards weak nodes among organisations and critical infrastructures. They increasingly target large organisations through their subsidiaries and contractors in supply-chain attacks; recent examples include thousands of Microsoft Outlook corporate clients. Internet and content service providers are another prime target for state-sponsored actors with the aim of disrupting Internet access for geopolitical purposes. For instance, Belgium’s primary Internet Service Provider (ISP), BelNet, suffered a sophisticated denial of service attack in June 2021, effectively grinding a major part of the country’s Internet to a halt.
What is the current threat landscape?
The rise in ransomware threat is the primary trend in recent years, with ransom payments reaching nearly a quarter-million dollars at the end of 2020. Other rising threats include spear-phishing and other social engineering attacks, such as Business Email Compromise (BEC), targeting employees in remote working settings. Indeed, Covid-19 and the generalisation of home working have significantly expanded the threat surface of companies. They now face greater risks from remote-access platforms and cloud servers, leading many to accelerate the deployment of Zero Trust Architectures (ZTA).
How are cybersecurity risks assessed?
Cybersecurity threats are multiple and diverse. However, not everyone is exposed equally to them. Ideally, cybersecurity measures should be tailored to the person or organisation. This is performed through a formal process known as threat modelling, which considers the person or organisation’s risk profile.
Conceptually, a cybersecurity risk assessment factors in the likelihood of an attack and its potential consequences. As such, different persons and organisations present different risks. For instance, the consequences of being targeted with a zero-click exploit to access one’s phone and listen to conversations are tremendous. However, not everyone is equally likely to be subject to such attacks: CEOs, journalists, activists, lawyers and researchers are at higher risk than other profiles regarding this specific threat. On the opposite side of the spectrum is ransomware, to which most organisations are equally likely to be targeted. However, the consequences of such attacks will usually be more significant for smaller companies, which may lack the required funding and expertise to set up effective backups and mitigation measures.
Advanced tools and exploits previously exclusive to state and state-sponsored actors, such as Cobalt Strike or EternalBlue, are increasingly leaked and leveraged by criminal groups. Sometimes, they are made available in ready-to-use packages for less-skilled criminals.