Businesses must look to their defenses in the coming cyberwar, security analyst warns

Cybercrime is increasing by 15% annually and is projected to become a $10trn illegal industry in the next five years, according to analyst group Cyber Security Ventures. Now Vladimir Putin’s decision to invade Ukraine looks likely to boost that upward trend even further, as hacker groups loyal to Russia target businesses to disrupt western economies.

Cyberwarfare analyst and secret services veteran Yuval Wollman has spoken of “asymmetry” in the coming conflict, with Russia seeking to exploit superior attack capabilities in the digital world, to compensate for its shortfall in conventional military might and the economic backlash caused by its new pariah status.

“What tools does the Kremlin have against sanctions?” asked Wollman, president of information security firm CyberProof and former Israeli intelligence officer. “They don't have economic tools - they need to establish a new kind of relationship with the Chinese economy, but it will take many years because they don't have the infrastructure.”

“The tools that the Kremlin has to mitigate those very harsh packages of sanctions is cyberwarfare - you cut me off from SWIFT, I will respond. I think we're on the verge of a spillover of nation-state tensions to the private sector, so we will see more and more of that in the next few months.”

Regarding the potential for escalation in cyberwarfare, Wollman said it was difficult to quantify the risk but pointed to data from IT company Hewlett Packard that showed state-sponsored attacks by threat actors had doubled between 2017 and 2021, with businesses being targeted over and above government agencies.

In response to this, defense budgets – which fund cyberwar programs – are rising, from about 2.15% of global GDP in 2018 to 2.36% in 2020, according to a report by CyberProof. In Europe, spending is set to rise even higher, with leading EU economy Germany announcing a one-off package of €100bn ahead of a permanent commitment to meet its NATO spending requisite of 2% of GDP per year.

That means budgets allocated to cyberwarfare are likely to rise as well. According to a report recently published by digital media company the Record, Germany was spending $240m annually on fighting threat actors before the invasion prompted its chancellor Olaf Scholz to declare the historic move to rearm.

“First, geopolitical tensions escalate cyberwarfare,” said Wollman. “Second, governments invest in cyberdefense. Third, this forces nation-state threat actors to attack private companies, to try gaining access to government targets. Fundamentally, nation-state attacks support the political goals of the country that sponsors them. The cyberattack on Ukrainian websites is classic – illustrating how real-world conflict has a spillover effect on shadow cyberwarfare.”

Russia will ‘unleash the flames’

The large-scale attacks on IT infrastructure company SolarWinds in the US in 2020 were another case in point.

“I would not be surprised if [more such] tacit campaigns are already in place and waiting for the right moment,” said Wollman, warning that Russia and its allies probably have agents installed in Western critical infrastructure companies. “When I refer to the toolkit that Putin has, this tactic is probably one of them.”

He said Russia would likely “unleash the flames when needed as a response to the West's next move” and spoke of “excitement and activity in rogue – probably Russian proxy – groups on the internet.” Wollman added: “This is payday for them and other rogue countries.”

But he insisted that cyberattacks would not be all one way, confirming fears of escalation in the coming geopolitical conflict.

“There are counter measures already being taken by other states, and I can tell you for sure that cyberwarfare on the national level is not only coming from East to West. It can come from West to East, too.”

That meant Russia would also suffer in the fallout from Putin’s decision to escalate hostilities in Europe. “Capabilities to attack in the cyber dimension also exist in the West - they are [just] getting less publicity,” said Wollman. “The Russian economy is vulnerable because it relies on critical energy infrastructure.” This vulnerability, exacerbated by the termination of the Nord Stream gas pipeline and Russia’s recent loss of access to other energy markets, would lead to it suffering “an even bigger hit on top of economic sanctions.”

But Wollman also warned that Russia would compensate for the “asymmetry” between its economic and conventional warfare capabilities and those of the West by leveraging its superior cyberattack forces.

“On the cyber dimension, this is also asymmetric – because proxies coming from Russia's side don't care about [hurting] private businesses,” said Wollman. “They will target not only government or public [sector] targets but also civilian businesses and data personnel.”

Cooperation will be key for private sector

Wollman further cautioned that private-sector companies would have to look to their own defenses.

“Governments will protect themselves – they have state-level capabilities, huge resources, public funding,” he said. “But they are less invested in defending the private sector – that needs to defend itself first and foremost. And that opens up a bigger discussion, specifically that enterprises need to build strategy.”

He urged businesses not to put profit ahead of security and spoke of “tough decisions” that company bosses would have to take: “Businesses want to grow and sell more and be profitable. Cyber security hurts their bottom line, so they need to prioritize. They need to analyze the risk and make the right decisions in terms of resources.”

The best way to overcome this difficulty would be through cooperation, both within the private sector itself and between businesses and state actors.

“How do we shift the paradigm [and] not squeeze it into a decision that one company or information security officer in that enterprise needs to make?” he asked. “We want to see a group of these infosecurity officers in infrastructure companies working together to share information.”

This collaboration shouldn’t compromise companies’ commercial interests, he added: “They can work together, not to exchange business information obviously, but rather security and protection methods.”

This is where governments would need to step in. “You can do this at a country level,” he said. “You need collaboration between decision-makers – those public officials that protect government assets also need to work with the industry.”

While some progress towards this had been made in the past decade, Wollman believes it still falls short and would like to see more data sharing taking place to protect Western economies:

“Because the knowledge that the government has in terms of intelligence capabilities and funding will always be larger than [that of] the private sector accumulated.”

He also warned that the West was lagging behind in leveraging attack capabilities: democratic governments traditionally tend to focus more on defensive measures in cyberwarfare and lack a concrete recruitment policy, whereas authoritarian powers aggressively hire threat actors.

“You do not have [Western] governments telling rogue groups to prepare for an attack,” said Wollman. “Governments are funding rogue groups in the eastern hemisphere, while governments in the West are more focused on general policies and protecting their own assets. So you don't see, for example, the UK government starting to fund rogue groups to attack a Russian website. This is not how democratic governments work.”