The impact of the current geopolitical situation on cyber threats in critical sectors of the economy

Just as the pandemic changed the entire landscape of cyber threats, as discussed in November 2021 in MediaPlanet by Izabela Albrycht, Chair of the CYBERSEC Program Council and member of the board of Digital Europe, these changes are now deepened by the geopolitical situation in the world, and in particular the war in Ukraine.

New types of cyberattacks are being discovered every day and their sources have become increasingly dangerous. Not only the number, degree of sophistication and complexity of attacks are growing, but also the methods of operation of cybercriminals, who more and more often carry out attacks on behalf of third parties and use more and more effective tools. At the same time, international tensions in cyberspace are growing. Government-supported attacks are on the rise, including on critical sectors of the economy.

In particular, operators of critical infrastructure, such as water or energy suppliers, are at greatest risk. This is related to the radical changes that societies and economies, including those in European countries, are undergoing as a result of digital transformation. During this process, technical infrastructures come together to form an unified industrial Internet of Things (IoT). Connecting and networking corporate departments with different security requirements and business values creates ever-growing, complex system landscapes and thus new targets for cybercriminal attacks.

As these attacks become more sophisticated, there is a need for widespread use of effective industrial network monitoring instruments to provide alerts on unusual or suspicious behaviour. The resilience of the European economy depends on how quickly we can detect and respond to such cyber threats.

The trend of the European community towards decentralized energy production poses an additional challenge to establish an adequate cyber defence, and the increasing digitization of processes intensifies this need. In this situation, attackers are not focusing solely on large corporations or CRITIS (Critical Information Infrastructures Security) operators, but increasingly on small and medium-sized enterprises (SMEs). Therefore, ensuring the required level of cybersecurity has become an important challenge for SMEs. According to the Verizon 2019 Data Breach Investigations Report, 43 percent of cyberattacks today target small, not large, companies. ENISA, the EU agency responsible for cybersecurity, estimates that the cost of a security incident in the EU is typically between €213,000 and €300,000. The most common problems include malware and hacking attacks on the IT infrastructure of SMEs, which in the vast majority do not have the resources and know how to effectively counteract such threats.

In the current geopolitical situation, these companies face completely new threats. Without widespread use of solutions to protect industrial IT infrastructure, economies face the risk of data destruction, industrial espionage, sabotage, data and digital identity theft, blackmail and loss of publicity. The increasing number of targeted cyberattacks (Advanced Persistent Threats, APT) are usually detected too late or not at all.

Increasing complexity and variety, multi-layered obfuscation (detection evasion, use of so-called obfuscation and anti-analysis techniques) and intelligent propagation algorithms make adequate, innovative IT security concepts and strategies necessary to detect targeted attack attempts and strengthen the resilience of industrial companies. SMEs cannot meet these challenges on their own due to a lack of human and technical resources. Continuous intensive and effective efforts are needed in this regard. Otherwise, these companies, and in turn entire economic systems, risk further loss of digital sovereignty. The complexity of today’s attacks can only be overcome with intelligent and automated monitoring procedures. Machine learning (ML) algorithms help to quickly detect anomalies such as breaches and malware activity, and detect network attackers by finding patterns in datasets. However, this requires more than just algorithms.

Procedures must be integrated with the existing infrastructure. This situation requires a holistic approach that covers the entire incident response process, not just individual steps. At the same time, such solutions must be open to expansion and keep up with the ever-changing threat landscape. Respectfully improved operational threat intelligence and response platforms are needed.

In addition, one aspect needs to be improved in existing approaches and solutions. The key is to support of emergency services, such as Computer Emergency Response Teams (CERTs) and also law enforcement authorities. Time is the most important factor in successful responding to an incident and fighting a cyberattack. It is also necessary to quickly collect and analyse relevant, formalized information at one point and to ensure all the requirements related to the need to use computer forensics for this purpose.

Original article published as part of the “Cybersecurity” educational campaign conducted on behalf of the MediaPlanet publishing house. Authors of the original version are Marek Wierzbicki and Jerzy Kosiński, PhD – experts of the Polish Platform for Homeland Security. Translation prepared by Communication & Dissemination Team of PPHS.