Nation-state attacks, such as Russia-origin supply chain attacks highlighted by the now-infamous SolarWinds debacle as well as numerous other incidents have put cybersecurity professionals on edge.
A sizable 64% of cybersecurity professionals believe they are locked in a perpetual state of cyberwar, while 57% believe their organization has been a target of nation state cyberattacks, according to a Venafi survey of security professionals at the RSA 2022 conference.
Current geo-political conflict has profound change on perception of cyberwar
The Ukraine-Russia war has caused a pronounced shift in the way Cybersecurity professionals view the cyberwar.
Before the conflict, only 26 percent believed we were in a state of perpetual cyberwar but this jumped to 64% after the breakout of the conflict. And 57% of the respondents believe that their organization is a target of nation-state cyberattack.
With this heightened state of awareness, 55% of the respondents said that their organization has changed their cybersecurity strategies as a result of the conflict.
- 56% believed their organization is a target for nation-state cyberattacks
- 54% indicated that their organization has changed its cyber security strategies as a result of the conflict between Russia and Ukraine
A whopping 85% of respondents believe that better cybersecurity is their patriotic duty.
And in response to the question, “If your executive team and your board were required to sign off on cyber security compliance would your company’s cyber security posture improve?” a large majority (77%) said “yes."
Biggest organizational challenges
In response to a question about the biggest organizational cybersecurity challenges their organization faces, 63% of respondents said “not enough skilled people” and 42% said “not enough budget,” while 25% said “leadership treats cybersecurity like IT.”
Finally, regarding the biggest cybersecurity threats that their organizations face, 50% said ransomware, while 40 percent said cloud security.
“The sophisticated cyberattacks that are the hallmark of nation state attacks often target digital keys and certificates that serve as machine identities,” says Kevin Bocek, VP Ecosystem & Threat Intelligence at Venafi.
“These critical security assets are often poorly managed and provide attackers with the ability to hide in encrypted traffic, pivot across networks and eavesdrop on sensitive data,” warns Bocek. “Any organization that isn’t managing machine identities at least as well as they protect usernames and password is at greater risk of becoming a victim of a cyberattack. And, unfortunately, these risks are unlikely to change in the near term because most organizations are just beginning to understand these risks,” Bocek adds.