Londerzeel, Wednesday October 12, CIONET Belgium's 6th community event of the year “Cyber War & Business Risks” takes a deep dive into cyber warfare, and the threats it represents to our enterprises. The first panel consists of four subject matter experts in cyber warfare, including “OccupyTheWeb”, a prominent leader of the white-hat-hacker community that is heavily involved in the Ukrainian war. A unique panel with a lot of critical insights into past and ongoing nation-state cyber threats and warfare acts. The second panel then looks into concrete examples of impacted businesses, how they dealt with cyber attacks, and how we need to prepare to be more resilient in the future.
Panel 1: The magnitude of Cyber Warfare
Cyberwar is not something that might happen in a far-off realm; it is something that happens today on the internet we all use. The focus of the event is to get a deeper understanding of what is really happening in the world of cyber warfare, and what threats we are facing. But, mostly, how we can anticipate and start being more resilient.
According to Thomas Colyn, CISO at DPG Media Belgium and former Security Manager of the Belgian Defence, and Graham Ingram, CISO at the University of Oxford, warfare has reached a tipping point, in the sense that cyber has become as important as kinetic or regular warfare. Cyber is a new weapon, one that is as important as conventional weapons. Most cyber wars are fought by state actors, but non-state actors, such as hacktivists like OccupyTheWeb, are entering the game as well. Moreover, there are a lot of grey zones between cyberwar and e-crime. You will find state actors shopping on the dark web, buying services and intelligence… E-crime indeed has a supply chain and a network business model. The lone criminal hacker performing an end-to-end attack is an illusion. The dark web is a marketplace where everyone can basically buy every component needed for setting up a cyber attack.
There is a whole new group of hackers becoming highly skilled in cyber warfare. Their numbers are estimated at up to 300.000 today. An important question to ask ourselves is: what happens when the war ends? What will happen with all this mastered cyber knowledge and all these cyber weapons? Conventional weapons often go on the black market once a war is over. Will these cyber weapons and cyber warriors also become available (on the dark web)?
E-crime actors are evolving towards greater diversification than ever before. Diverse criminal groups are starting to collaborate on cyber-operations, which improves their effectiveness tremendously. At a global level, the number of cyber-attacks was consistent up until the second quarter of last year. When looking at the ongoing conflict between Russia and Ukraine, the Russian actors tend to revert to classical warfare as the element of surprise has gone.
According to Christian Heggen, Strategic Threat Advisor at CrowdStrike, 70 percent of intrusions are malware-free. Hackers are indeed often operating with very low-tech means.
OccupyTheWeb is an author of ethical hacking manuals and provider of online hacking courses. White hat hackers were traditionally penetration testers, testing the security systems of institutions. Still, OccupyTheWeb insists on redefining the role of a white hat hacker into someone who has the moral obligation of making the world a safer place. Together with more than 10.000 hackers he has been involved in cyber attacking Russia, first launching massive DDoS attacks shutting down government and military installations, and more recently attacking the Russian infrastructure and industrial installations. Since the Ukrainian government reached out to them, they have worked together, using the Telegram channel to communicate. According to OccupyTheWeb, the Russian cyber war capabilities seem to be less strong or sophisticated than what was anticipated. The Russian hackers have not been very effective. We all overestimated the Russian army and cyber army.
Today, we are at a turning point in the war, and we must be aware that Russia could start attacking outside of Ukraine. The greatest threat to Europe is them attacking our industrial infrastructure.
Panel 2: Business Risks
What is the potential impact of cyber warfare on our businesses? It is crucial, as a business, to not only have a defensive mechanism but to also have resilience capacities. It is all about defending, preventing, and reacting to these cyber strikes.
According to Georges Ataya, co-founder and VP of the Belgian Cyber Security Coalition, cyber threats are still seen too much as a technical issue. The CISO, the CIO and the board have a common responsibility. With basic cyber hygiene, we can protect ourselves up to 90 percent against these cyber-attacks. It is essential that all organisations take precautions, even SMEs.
According to Gregory Cardiet from Vectra, 87% of small businesses that are hit by a severe cyber attack file for bankruptcy. The business damage is catastrophic in most cases. The impact on the people is certainly as devastating, yet often neglected, as he can testify from experience. But as humans are breakable, what about AI and machine learning? Can they help us protect ourselves against these cyber threats? Machine learning allows us to figure out or predict what we have to look for.
Ari Van Hoe, Executive Manager of Law & Enterprise at VBO FEB, stresses that we have a lot of critical sectors that we need to protect: the ports, airports, the nuclear sector, etc. As a country, we must take as many precautions as possible. The key focus is to start creating more awareness. This starts with the companies involved, which are obliged to come up with a solid plan according to the NIS directives, but the other companies and the government need to set one as well.
Our government in Belgium is already doing a lot, but is it sufficient? Most companies are not as aware of the risks involved in these cyber-attacks as they should be. Our government should play a more active role in this and focus more on awareness-raising and prevention, because we are seeing an increase in cyber incidents, with a much bigger impact than before. We should be bringing all stakeholders around the table, start creating more awareness about the difficulties, and try to help and assist each other. This way we can create a situation where public and private companies help those enterprises that have suffered from a cyber-attack.
Are cyber-attacks covered by your insurance?
We are at a stage of a lot of uncertainty. Firstly, the insurance companies themselves are dealing with a lot more uncertainties. They do not know what they are or should be insuring. Secondly, the policyholders do not know what is insured or what is included in their insurance policies. Today, if a cyber attack is due to a state actor, your insurance classifies it as an act of war, which means that you are not insured.
According to Joris Weyn, Security Specialist at Delen Private Bank, being resilient means accepting that a cyber-incident can happen and preparing for the impact of these attacks. You must also know that if you are paying ransom you are funding a criminal organisation and thus supporting a vicious system. Sometimes it is even better to start from scratch than to give in to these e-criminals. You must always ask yourself what data is essential for you and your company, and how much you are ready to spend to protect your business.