International intelligence and collaboration: more and more clearly the key to managing cybersecurity risks

It is not an exaggeration to say we live in unprecedented times. The war in Ukraine has disrupted energy supply chains, while rapidly rising inflation and the fallout from the Covid-19 pandemic continue to impact many facets of our lives.

Economic uncertainty arising from the war in Ukraine has provoked a massive energy price shock not seen since the 1970s, which is taking a heavy toll on the world economy. Moreover, a crisis of the globalization model we know today and the need for conventional neoliberal economic models to adapt to a new normal that better balances local as well as global interests have further worsened the situation.

These phenomena, according to some analysts, have generated a state of permanent crisis, called “permacrisis” – the word of the year in 2022 according to Collins Dictionary – a situation that can only be managed, not resolved.

The return of war in Europe has also served as a wake-up call for those questioning the EU’s approach to security and its ability to defend its interests, particularly in cyberspace. As Asia Pacific’s cybersecurity industry continues to mature, it is essential that the region learns from its European counterparts – or it risks getting caught in the crossfire.

So how is this uncertainty impacting the cybersecurity of our businesses, our public and private institutions, and our democratic values? Is cyberspace particularly at risk from cyber criminals and nation-state actors looking to capitalise on this ‘opportunity’?

Concerns mount as cyber-attacks spiral  

At Trellix, the elite team of security researchers that makes up our Advanced Research Center continually investigates the threat landscape to provide insightful and actionable real-time intelligence.

What we have observed is concerning. Nearly half (46%) of the advanced persistent threat (APT) activity monitored appears to originate from Russian- and Chinese-backed groups. Additionally, cyber as statecraft in the areas of espionage, warfare and disinformation is actively in use by both in service of political, economic, and territorial ambitions.

The war in Ukraine has also seen the emergence of new forms of cyberattacks. Hacktivism has the potential to increase in scale as people supporting both the Russian and Ukrainian/Western regimes become savvier and more emboldened to deface sites, leak information and execute DDoS (distributed denial-of-service) attacks.

These individuals are emboldened by a lack of central leadership, along with their desire to attract media attention. They also undertake influencing campaigns, leveraging social media to spread propaganda and misinformation to shape public opinion. 

John Fokker, Head of Threat Intelligence, Trellix

Other more traditional forms of cyber-attacks persist. Socially engineered ploys to deceive and manipulate individuals into divulging confidential or personal information, such as phishing, remain prevalent. Organizations, therefore, cannot and should not overlook the importance of employee education and email security solutions.  

The war has also seen a merging of physical and cyber conflict as both sides combine the use of wiper malware with kinetic military activity. Wipers are not new, but they have never been observed on this scale.

International collaboration to outpace adversaries 

A key lesson we can draw from the conflict is that to address nation-state threats to democracies, we must outthink the adversary, something that requires constant collaborative efforts from public and private actors. Outthinking them also means out-innovating them. 

Today, there is much focus on governments and industries retaining and protecting sensitive personal data from foreign law enforcement authorities by storing their data locally, within their country of operation and residence. 

Whilst we do not support such laws, or standardization efforts, global threat intelligence offerings can meet the growing desire for on-premises solutions, without sacrificing security. In these uncertain times, it is essential that customers have the choice to shift away from legacy threat intelligence architecture and solutions so that they can bolster their security perimeter whilst maintaining their data privacy needs.

Above all, in the current environment, organizations need a trusted cybersecurity partner – a practitioner with the capability to gather data proactively, and one with a platform that can assimilate multiple threat feeds into a constantly evolving defensive posture in real-time.  

Intelligence: the key to building resilience 

An Intelligence Group in these times therefore becomes key – helping organizations to detect trends ahead of the market and advise customers, all while coordinating with government and industry partners to provide visibility into the evolving threat landscape.

Organizations must look towards partners such as the Trellix Advanced Research Center’s Threat Intelligence Group so that they can operate with a ‘shields up’ approach, which goes far beyond endpoint detection – allowing them to build defences for resilience and ensure they have the capability to detect anomalous behavior, even from legitimate tools.

Additionally, leveraging such an Intelligence Group ensures that an organization’s customers, industry partners and global law enforcement are equipped with mission-critical insights and research on the threat landscape.

From APT groups and nation-state actors to cybercriminal organizations and their behaviors, global data feeds from deployed sensors across key threat vectors allow organizations to stay ahead of their adversaries.  

As the geopolitical and economic outlook remains complicated, with a greater level of uncertainty than normal, many organizations may want to reconsider their spending priorities. Failing to prioritize investment in cybersecurity intelligence and analysis would be a false economy in an environment of fast-evolving threats and strategies.

Coupled with the desire by some nation states to destabilize and attack critical infrastructures while sowing the seeds of disinformation, living security becomes an existential need, and not simply a nice-to-have.