88% of IT pros say world is in permanent state of cyberwar

A Venafi study looked into what digital infrastructure will suffer from cyberattacks, which are most vulnerable, and what it means.

A recent survey of 485 IT experts and cybersecurity officials attending the 2020 RSA Conference in San Francisco last month found that nearly 90% believe the world is now in a permanent state of cyberwar. Security company Venafi conducted the survey as a followup to its findings in 2018, when 86% of 515 IT security professionals at the Black Hat conference in Las Vegas expressed the same belief. 

This year, 90% of cybersecurity pros said the near constant cyberattacks by militaries now left them concerned that digital infrastructure will suffer the most damage as a result. Another 60% of respondents said utilities like power, water and transportation, as well as healthcare, were particularly vulnerable to attack, with 19% telling Venafi researchers that power was the most vulnerable. Healthcare, transportation and water were all tied at 5%. 

"Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organizations. Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks," said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. 

"The sophisticated cyberattacks that are the hallmark of nation state attacks often target digital keys and certificates that serve as machine identities."

SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)

Over the last decade, there have been dozens of devastating attacks on government systems and infrastructure by militaries, with the severity and impact increasing as the years go by. 

The hack conducted by the Chinese government on the United States Office of Personnel Management is one of the largest attacks to ever hit the government in the country's history. While officials initially estimated that the records of four million current and former government workers were hacked, a later analysis found that 21 million records were accessed. 

The trove of data even included information from background checks on people who were never hired by the government. The forms accessed by hackers had detailed information about candidates' family members, college roommates, foreign contacts and psychological information. They also stole millions of Social Security numbers, names, dates, places of birth and addresses.

"The bottom line is that the notion of war is changing from something that you do with bullets and guns on the ground to something you do with bits and bytes," said Jeff Hudson, CEO for Venafi. "Essentially, this is a war about compromising and controlling information. Once you fully understand that, it's pretty easy to see that we are in a full-on cyber war right now."

The Stuxnet attack, allegedly perpetrated by the governments of the United States and Israel, was relatively minor in its effects but has had wide-ranging implications when it was discovered in 2010.

It was one of the first examples of a government-led cyberattack that could destroy physical systems and structures, setting off a growing cascade of attacks that are increasingly blurring the line between military cyberattacks and those affecting infrastructure systems.

The Stuxnet worm destroyed Iran's 984 uranium enrichment centrifuges, essentially ruining most of its nuclear program by specifically targeting Siemens SCADA systems.

Outside of a few headlines, the attack had little impact on the US. But it kicked off a decade of attacks by dozens of countries that aimed to destroy architecture systems.

The Russian government later used similar tactics during its 2015 attack on Ukraine. For the first time in history, a government was able to shut down another country's power grid through a cyberattack. Stuxnet and the attack on Ukraine opened the door to increased efforts by adversarial countries to include cyberattacks in their arsenal of military weaponry.

"These critical security assets are often poorly protected and provide attackers with the ability to hide in encrypted traffic, pivot across networks and eavesdrop on sensitive data. Any organization that isn't protecting machine identities at least as well as they protect usernames and passwords is at greater risk of becoming a victim of a cyberattack," Bocek added. 

"And, unfortunately, these risks are unlikely to change in the near term because most organizations are just beginning to understand these risks."

Also see

Cybersecurity, computer hacker with hoodie

Getty Images/iStockphoto