Armsasset visibility and security company, disclosed the findings of the Armis State of Cyber ​​Warfare and Trends Report: 2022-2023, which measured the perceptions of global IT and security professionals regarding cyber warfare. It revealed that while 84% of UK organizations said they have programs and practices in place to respond to the threat of cyber warfare, only a third (32%) said their plans are validated by best practice frameworks, which is below the global average of almost 40%. Additionally, 57% of UK organizations have stopped or stalled digital transformation projects due to a cyberwar threat, which is slightly higher than the global average of 55%.

    The threat of cyber warfare is growing

    The Russian invasion of Ukraine has not only dramatically upended the lives of countless people in a sovereign nation, but it is also causing geopolitical shockwaves of cyber warfare that will reverberate for the foreseeable future. Today’s goals extend far beyond the top levels of opposition governments; any organization is a potential victim, with critical infrastructure and high-value entities topping the list. The study shares responses from more than 6,000 respondents globally and across multiple industries including healthcare, critical infrastructure, retail, supply chain and logistics, and more.

    The study showed that cyber warfare was one of the lowest priorities for UK organizations – despite a majority of organizations (59%) agreeing that the threat of cyber warfare has increased since the start of the Ukrainian conflict, and 62 % saying they are somewhat or very concerned about the threat of cyber warfare to their organizations. In the UK, for example, 42% of security professionals said they had to report a cyberwar incident to the authorities, which is significantly higher than the European average of a third of companies, but lower than the global average of 45%. Additionally, 28% of UK organizations reported more threat activity on their networks in the last six months compared to the previous six months.

    In addition, other UK findings that Armis noted were:

    Almost half (46%) of UK security professionals said they were reconsidering their suppliers following the Ukraine conflict.

    Almost three-fifths (57%) of UK security professionals favor being drafted into a cyber defense league if the UK is drawn into a cyberwar conflict.

    Almost one in ten UK businesses (9%) spend less than 5% of their IT budget on cybersecurity, while the majority (43%) spend between 5 and 10%.

    When it comes to paying ransomware, almost a quarter (24%) of security professionals in the UK said they have an “always pay” policy, while a quarter (25%) have an “always pay” policy. never pay” and 31% would only pay if customer data was at risk.

    The UK has relatively high confidence in their government’s protection against cyberwar threats (77%), while the European average of only 67% has confidence in their government.

    What does this mean in light of Network and Information Systems (NIS) regulations?

    A majority of organizations in the UK somewhat (46%) or strongly (25%) support the extension of NIS regulations to all businesses, while 27% remain indifferent to the legislation. Historically, NIS regulations applied to operators of essential services and relevant digital service providers, but have since seen updates in the NIS2 iteration that extend to “important” services as well.

    The study also looked at the adoption of NIS by UK security professionals and found that only a third (33%) strongly agreed that they had mapped their cybersecurity programs to the NIS. .

    Additionally, 78% of organizations somewhat (41%) or strongly (37%) agree that they review cybersecurity risks from immediate suppliers, with 34% strongly agreeing that they are able to address vulnerabilities in their supply chains. However, when broken down into industry sectors, OT sectors in the UK fell significantly below this benchmark average of being able to confidently address supply chain vulnerabilities at 28%. Almost half (46%) of UK security professionals across all sectors said they were reconsidering their suppliers as a direct result of the Ukraine conflict.

    “The first of the minimum requirements for NIS2 is to have adequate risk analysis. This alone is a major issue for many critical or important entities, as risk analysis is based on an understanding of the critical assets that make up the function. essential, and for most organisations, an up-to-date and accurate asset register is either non-existent, non-existent or at best partial,” said Andy Norton, European Cyber ​​Risk Officer at Armis. “To validate that cybersecurity spend is not just a house of cards, it will be vital for organizations to prove that their risk analysis is adequate and appropriate and NIS2 compliant.The study indicates that UK organizations are taking steps to comply with new regulations and validate cybersecurity programs against best practices, but also that much more needs to be done.

    For more information on the Armis Cyber ​​Warfare State and Trends Report: 2022-2023, including the availability of the full report, visit: https://www.armis.com/cyberwarfare/

    Methodology

    Armis surveyed 6,021 IT and security professionals in companies with over one hundred employees in the UK (1,003), USA, Spain, Portugal, France, Italy, Germany , Austria, Switzerland, Australia, Singapore, Japan, the Netherlands and Denmark. These findings were collected between September 22, 2022 and October 5, 2022 and depict the state of cyber warfare around the world across various regions and industries.

    Source link

    Leave A Reply