Security of the digital infrastructure is more important than ever

The deployment of cyberweapons in the hybrid war in Ukraine has marked the dawn of a new age of conflict. Hours before missiles were launched and tanks rolled across borders, Russian actors launched a huge, destructive cyber-attack against key government, technology and financial sector targets in Ukraine.

According to Microsoft’s Digital Defence Report 2022, the trillions of signals analysed by Microsoft’s worldwide ecosystem of products and services reveal the ferocity, scope and scale of digital threats across the globe.

This first full-scale hybrid conflict has taught us important lessons. Firstly, the security of digital operations and data can be best protected – both in cyberspace and in the physical space – by moving to the cloud. Initial Russian attacks targeted on-premises services with wiper malware, and targeted data centres with one of the first missiles launched. Ukraine responded by rapidly moving workloads and data to hyperscale clouds hosted in data centres outside Ukraine.

Secondly, advances in cyber threat intelligence and endpoint protection, powered by data and advanced artificial intelligence services in the cloud, have helped Ukraine defend against Russian cyber-attacks and, more importantly, have increased data security and resilience across the board – in organisations of all sizes.

All human-operated ransomware campaigns share common dependencies on security weaknesses. Attackers usually take advantage of, say, an organisation’s poor cyber hygiene, which often includes infrequent software updates and failure to implement multifactor authentication. The IBM and Ponemon Institute’s Cost of a Data Breach, 2021 study reports a global average data breach cost of $4.24m (€2.2m), up 10pc from the previous year, and $9m in the United States. Compliance failures were found to be the top cost-amplifying factor. Conversely, breach cost reductions were associated with best practices such as incident response planning, Zero Trust deployment maturity, security AI and automation, and use of encryption.

This year, cybercriminals have continued to act as sophisticated profit enterprises. According to the report, the volume of password attacks has risen to an estimated 921 every second – a 74pc increase in one year. The report also highlighted that 93pc of Microsoft’s ransomware incident response engagements revealed insufficient controls on privilege access and lateral movement.

Attackers are adapting and finding new ways to implement their techniques. At the same time, cybercriminals are becoming more frugal. To lower their overheads and boost the appearance of legitimacy, attackers are compromising business networks and devices to host phishing campaigns and malware, or even to use their computing power to mine cryptocurrency.

The pandemic, coupled with rapid adoption of internet-facing devices of all kinds as a component of accelerating digital transformation, has greatly increased the attack surface of the digital world. Cybercriminals are quickly taking advantage. While the security of IT hardware and software has strengthened in recent years, the security of Internet of Things and operational technology devices has not kept pace. Threat actors are exploiting these devices to establish access on networks and enable lateral movement, to establish a foothold in a supply chain, or to disrupt the target organisation’s OT operations.

Key among the lessons learned in 2022 is that cloud solutions provide the best physical and logical security against cyber-attacks and enable advances in threat intelligence and endpoint protection that have proven their value. As cyber defences improve and more governments and businesses take a proactive approach to prevention, we see attackers using two strategies to gain access. One is a campaign with broad targets that relies on volume. The other uses surveillance and more selective targeting to increase the rate of return.

With the acceleration of digital transformation, the security of digital infrastructure is more important than ever. Therefore, understanding the risks and rewards of modernisation becomes crucial to a holistic approach to resilience. IoT devices, for example, including everything from printers to web cameras, climate control devices and building access controls, pose unique security risks to individuals, organisations and networks. The rapid adoption of IoT solutions in almost every industry has increased the number of attack vectors and the exposure risk of organisations.

As we consider the gravity of the threat to the digital landscape, and its translation into the physical world, it is important to remember we are all empowered to take action to protect ourselves, our organisations and enterprises against digital threats.

Kieran McCorry is national technology officer at Microsoft Ireland