The conflicts in Russia and Ukraine have captured the attention of the entire world, and have come to symbolise the times we live in. Previously, the phrase “nation-state attacks” evoked images of warfare with artillery and physical combats.
Now, cyber warfare has become an almost indispensable tool in modern warfare – from attacking a country’s critical information infrastructure to adversely impacting the government, military, and business operations. In fact, the government sector was the fourth most targeted sector by ransomware attacks in Q4 2021.
The state actors have not limited themselves to just attacking critical infrastructure, they have gone beyond, even manipulating societies at large through both attacks and disinformation.
Digital transformation leading to security risks
Ever since the pandemic pushed enterprises to go digital, government agencies across the globe played a critical role in accelerating their countries’ digital transformation, and in doing so, had to first transform their operations first.
For example, Organisations as well as government agencies, began migrating to the cloud to remain competitive and innovative. This was an excellent way to encourage late adopters to begin implementing cloud infrastructure and technology, while early adopters were encouraged to integrate deeper into the cloud to strengthen their processes and services.
However, the increase in migration also led to an increase in cyberattacks. Trellix research found that a 70% increase in ransomware activity was observed in India in Q4 2021. Our Cyber Readiness report, which focused on the preparedness of Indian Government agencies, and Critical Infrastructure Providers stated that 93% of Indians surveyed believe there is room for improvement in cybersecurity partnerships with the government.
Increased threat vectors
Governments must recognise that their digital transformation not only benefits economies, but also increases the vulnerabilities they are exposed to. The greater adoption of technologies by government agencies allows for a wider wall for prospective attackers to strike at. The territories that must be protected no longer just apply to land, air, and sea.
Although digital domains are invisible, the consequences of ignoring them from a security standpoint can be catastrophic. To reduce the impact of cyber incidents, businesses must be pragmatic and develop a resilient strategy for dealing with break-ins, advanced malware, and data theft.
Cybercriminals have become experts at deception, making them quite difficult to detect. When they enter a company’s system, the door is left open for them to harvest the company’s data. Once this occurs, cybercriminals gain control of data and systems and hold a company hostage for ransom. To address this, selecting the right security solution is critical to build a robust cybersecurity infrastructure.
Transforming your security posture in response to the evolving threat landscape
Nation-states, including technologically advancing ones like India, must monitor and protect an ever-expanding threat surface without overburdening their already stressed-out IT teams. This necessitates a more comprehensive and integrated approach to cybersecurity.
This also means, newer and more modern technologies such as endpoint detection and response (EDR), extended detection and response (XDR), multifactor authentication (MFA), and zero trust architecture (ZTA) solutions across the stack from endpoint, network to cloud and with data protection need to be adopted for an effective digital security strategy.
For example, XDR enables businesses to go beyond traditional detective controls by providing a comprehensive, yet simple view of threats across the entire connected ecosystem. It has the ability to provide the real-time data needed to identify critical risks and deliver best-in-class outcomes to businesses.
Organizations also need governments to assist them in identifying cyberattacks, and hence governments should stay up to date on the most recent cyber-attacks and vulnerabilities to maintain a high level of security. This is where public-private partnerships for data and intelligence sharing comes into play. Previously, information sharing was protected by privacy concerns or contractual obligations. However, such initiatives are critical to gaining the visibility needed to catalyse the shift from a reactive to proactive cybersecurity posture. A balance between information security and data privacy is necessary.
As today’s threats to nation-states are more sophisticated and unforeseen, governments must devise effective techniques for striking these floating targets. Organized networks of cyber criminals are working together to conduct large-scale attacks. Several countries have invested in cyber-armies whose day job is to hunt for vulnerabilities and penetrate digital cyber defences. Therefore, appropriate cyber-defence and counterattack strategies are important in the world of cyberwarfare – just like in the real world.
This requires partnership with all stakeholders, from suppliers and clients to government agencies and almost all strategic and commercial partners. In an increasingly interconnected world, organizations are inherently driven to prevent a breach in the ecosystem because any attack on one organization equally affects everyone.
An open architecture like XDR that ingests data from both internal and external sources, public and private, from which threat intelligence can be derived using state-of-the-art technologies through data analytics using AI/ML techniques is an example of such a collaborative approach.
Nation-state attacks have evolved. They are now more common, widespread, destructive, and not restricted to government transgressions. Whether it is safeguarding assets from a nation-state or an organised cybercrime gang, the ability able to detect, block, and protect in time will be critical. In this race against time, latest cybersecurity technologies like XDR can be a strong ally.
The author is Venkat Krishnapur, Vice-President of Engineering and Managing Director, Trellix India