"Now, with developments of technology and the business acumen of modern-day hackers, we are seeing non-state attackers purchase nation-state-grade cyber tools through the dark web," says Stu Sjouwerman. Photo: KnowBe4 Inc

As I write this piece, the horrific invasion of Ukraine by Russia is continuing to escalate with countless lives lost and families broken.

While this hot war rages on across the land, the online cyberwar, as a result of this conflict, has started to escalate. The latest information from some of the world’s leading governments has raised the alarm bells, warning enterprises to revisit their cybersecurity responsibilities and to do their best to reduce the risk of a potential attack.

Most at risk is critical national infrastructure, vital to society and everyday life. Data and systems must always be protected, but, should any of these be impacted by a national emergency or a cyberattack, then the potential dangers they could pose to the public could be catastrophic. This, unfortunately, is the reality we are faced with, and the conflict between Ukraine and Russia has heightened cybersecurity on a global scale, both in terms of the attacks witnessed and the defenses deployed.

Threat of nation-state attacks

During the first quarter of 2022, much of the news cycle focused on the Russia-Ukraine conflict, and rightly so. Within this, we saw a number of cyberattacks against Ukrainian governmental organizations, financial institutions and even individuals with the aim of causing disorder and crippling the country. Malware and DDoS attacks have been widely used with some of the attacks performed by Russian APTs and the Russian Main Intelligence Directorate (GRU).

Nation-state cyberattacks have certainly evolved. Gone are the days where these were the exclusive activity of state actors against state targets. Now, with developments of technology and the business acumen of modern-day hackers, we are seeing non-state attackers purchase nation-state-grade cyber tools through the dark web. These are then morphed and used against private businesses and the public.

Such attacks have been ever present over the years, with examples documented before the Russia-Ukraine conflict. For instance, 2021 saw a string of high-profile ransomware attacks that included the Colonial Pipeline attack, considered the largest cyberattack on an oil infrastructure target in the history of the United States. A state of emergency was announced by President Biden due to the shortage of fuel. Then, there was the JBS meatpacking company, the world's largest meat processing company, which suffered a separate ransomware attack and paid $11 million to get its systems operational again.

Nation-state hackers have a wide range of motivations behind their attacks, and these can have major consequences for governmental and private enterprises. From spying to stealing sensitive information or simply conducting the attacks for financial gain, the end results can be extremely costly -- and no enterprise is safe.

The rise of deepfakes and deception

Another threat tactic on the rise and gaining traction amongst the nefarious cyber underworld is the use of synthetic content, also known as deepfakes, for malicious intent. A deepfake is an audio or video clip that is created or altered using artificial intelligence (AI) or machine learning to represent someone saying or doing something they have not.

The use of deepfake technology has risen, especially across the dark web, where hackers have uploaded customizable deepfake kits capable of avoiding detection by security tools. This form of enhanced social engineering can cause chaos on a global scale. For example, a deepfake can easily portray a politician inciting violence, which could lead to rioting or further unrest in times of war.

A recent case in point was a deepfake of Ukrainian President Zelenskyy asking his troops to lay down their weapons and surrender to Russia. At face value, the video seemed convincing, especially to those who may be oblivious to who President Zelenskyy is, what he looks like or how he sounds. However, for those paying attention to the deepfake, the President’s head was too large and more pixelated than his body, while his voice sounded much deeper than usual.

Such cyberattacks are the new frontlines of modern warfare, and disinformation is becoming a critical weapon that must be neutralized. Having individuals aware as to how to verify such content will be invaluable as more deepfake attacks emerge.

Destructive and disruptive malware always a constant

While deepfakes are a relatively new threat, the use of malware has been an ever-present issue since the dawn of computers -- 1971 to be exact, when the Creeper virus was created. Fast forward over 50 years, and the level of sophistication and destruction found in modern malware is borderline unfathomable. Indeed, during the Russian invasion of Ukraine, data-destroying malware has recently been detected targeting Ukrainian institutions with the aim of erasing data across all compromised networks. Dubbed CaddyWiper, it is the fourth data wiper malware witnessed in Ukraine and is another example of the hybrid-warfare tactics that are being used during this conflict.

While these specific malware threats seem to focus on Ukrainian businesses, there is always the possibility that they can spread and impact on a global scale. In 2017, the NotPetya cyberattack initially began crippling organizations in Ukraine, but quickly spread across Europe and the United States. Widely considered to be one of the most destructive cyberattacks ever, the disruption caused by NotPetya cost more than $10 billion, with CNI and businesses from a variety of industries affected.

Such malware attacks demand a lot of resources and usually require a collective effort between governments and private cybersecurity companies to thwart and mitigate. Having technological defenses in place is certainly required for organizations, but the need for widespread improvement in security culture has never been greater.

Building your resistance with security culture

Security culture is the foundation of any defense program because it influences the security strategy and the ability for an organization to protect its systems, information, privacy and people. While many are understanding the importance of security culture, and the need for it to be a long-term strategic approach that encompasses communication and culture, there is still a significant percentage who do not.

To speak plainly, the organizations that assess their security practices regularly and test employees’ security awareness, behaviors and culture are the ones that can adapt quicker to the evolving cyberthreat landscape.

Those that cannot adapt in time may fall to ransomware, phishing and social engineering attacks. Realize the time to build a robust security culture is not tomorrow, next week or next month; it is today. The most impactful way to address this is to ensure individuals receive security awareness training so they are alert and vigilant to the latest attack methods.

Having this additional layer of security is paramount, and enterprises that have strong security culture are 52 times less likely to have employees practice poor security behavior that could lead to a data breach or a loss in brand reputation or revenue. Education is invaluable, so having a workforce aware of common cyber tactics such as phishing can significantly reduce the probability that an organization would suffer a cyberattack.

With that said, security is about finding a balance between the human element of security and software, so having the necessary defense systems in place is just as important. Ensure multi-factor authentication is deployed; systems and tools are patched and updated; there are secure backups, incident plans and recovery strategies in place and tested regularly; and that monitoring is being done continuously.

Being proactive with these steps is the difference between prevention and intervention.

Closing thoughts

The start to 2022 has been difficult and unexpected for several reasons, but it is not all doom and gloom. A dangerous cyber war is being played out, but this can spearhead a change in the mindset and approach of governments and businesses as well as everyday citizens. We are seeing organizations of all sizes and industries incorporating security awareness training to build a stronger security culture.

Moreover, leading governments are taking proactive steps, with the UK providing guidance on how to tackle cyber threats and the U.S. establishing the CISA Cybersecurity Advisory Committee with the country’s best cybersecurity experts to strategize how the nation tackles cybersecurity.

With the cost of suffering a cyberattack resulting in data stolen, fines and penalties, legal costs, reputation damage, and losses in customer confidence, the majority of organizations are not prepared to stand by idly. Implementing a layered, defense-in-depth approach to security can make the difference in surviving this digital war; and security culture should be at the heart of it.

Cybersecurity and cybercrime are playing a cat-and-mouse game. Yes, hackers will continue to seek new techniques to cause disruptions and yes, we as security experts will continue to find better methods to stop them. It is a never-ending contest, but I am, as with the rest of the security industry, determined to make sure we come out on top.

(Stu Sjouwerman is the founder and CEO of KnowBe4 Inc., the world's largest integrated platform for security awareness training combined with simulated phishing attacks.)