Developing an effective cyberwarfare response plan

In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael emphasizes the need for AI-powered defenses and proactive cybersecurity strategies to combat these evolving threats.

How has adopting AI transformed the nature of cyberwarfare, and what specific capabilities does it offer to threat actors?

AI has transformed the nature of cyberwarfare. Threat actors can amplify the scale and sophistication of attacks in a way they haven’t been able to do so before. Armis Labs has identified several threat actors actively using AI to advance their cyber capabilities, including Russian-affiliated Forest Blizzard (APT28), North Korean hackers Emerald Sleet (Kimusky), Iranian threat actors Crimson Sandstorm (Imperial Kitten), and Chinese state-affiliated groups Charcoal Typhoon (Aquatic Panda) and Salmon Typhoon (Maverick Panda).

AI also lowers the barrier to entry for even the most unsophisticated attackers. Launching AI-powered malware, phishing campaigns and denial-of-service attacks no longer need the deep technical expertise that was once required.

AI’s potential in cyberwarfare also introduces the ability to automate and tailor attacks, making them more precise and difficult to detect. As these tools become more widely accessible, cybersecurity professionals should anticipate a surge in cyber espionage campaigns, nation-state attacks and the exploitation of new vulnerabilities stemming from an expanding attack surface.

The only way to combat AI-powered threat actors is with AI-powered defensive tools. Fortunately, defenders have the advantage of in-depth knowledge of their own environments, giving them a significant edge over attackers who are working from the outside. This data advantage allows security teams to better train AI models to detect potential threats with greater speed and precision.

Given the erosion of trust in government capabilities, how should organizations and individuals prepare for the increasing threat of cyberwarfare?

Armis’ recent research revealed that forty-six percent of global IT leaders believe their nation’s government cannot protect citizens and organizations from cyberwarfare threats, which is why it’s essential that organizations take it upon themselves to improve their own cybersecurity posture. The first step in doing this is shifting from a reactive to a proactive cybersecurity stance. To do this, organizations need a comprehensive strategy that proactively identifies and mitigates cyber asset risks, remediates security findings and vulnerabilities, and protects the entire attack surface. The end state is having the ability to continuously see, protect and manage all assets connected to the network – from the ground to the cloud.

Organizations can also ensure they’re prepared against cyberwarfare by making security a core pillar of their culture. For example, employee education programs can bring more awareness to these threats and promote cybersecurity best practices like regularly updating passwords and enabling multi-factor authentication.

With digital transformation projects being stalled due to cyberwarfare risks, what strategies should organizations employ to protect innovation and maintain growth?

Despite global spending on digital transformation expected to reach $3.9 trillion by 2027, 60% of IT leaders worldwide say that digital transformation projects have stalled or stopped entirely due to cyberwarfare risks – with technology being the most impacted sector.

While cybersecurity funding remains a challenge for organizations, the bigger concern is how organizations prioritize their security resources. Many spread themselves thin across too many security initiatives, reducing their overall defenses. More troubling, only 23% of global IT leaders say their organization prioritizes preventing nation-state attacks.

To protect digital transformation projects and keep them progressing, organizations need to make cybersecurity an integral part of their digital transformation strategies, not an afterthought. This means incorporating security into the initial planning stages and focusing on clear, strategic objectives, rather than spreading budgets too thin across various initiatives.

What are the essential components of an effective cyberwarfare response plan?

To effectively develop a cyberwarfare response plan, organizations need to take a step back and ensure they understand their own environment so they can defend and manage the entire attack surface in real time. As such, they should focus on the following key areas: situational awareness, prioritization, and action and remediation.

First is situational awareness. Organizations need complete visibility over their entire digital environment, and this starts with understanding exactly what assets they have and how they interact with each other.

Once security teams know what assets are on their network, actionable threat intelligence is one of the best tools to detect early warning signs and help to prioritize the most critical assets vulnerable to attack. They can pull insights from various sources – including the dark web, smart honeypots and human intelligence – to anticipate threats, understand their potential impact and take preemptive measures to neutralize them.

When it comes to action and remediation, teams must find and consolidate security findings across all sources to holistically understand risk to the attack surface and automate remediation. In doing so, they have a clearer understanding of what to fix, who is responsible and how it should be fixed.

Overall, with constant vigilance and staying “left of the boom,” organizations can mitigate and prevent attacks before they occur.

How can collaboration between the public and private sectors be improved to create a more cohesive defense against cyber threats?

The cybersecurity challenges we’re facing go beyond any one organization, agency, government or individual. Knowledge sharing and continuous collaboration are critical to keeping society safe and secure.

Encouragingly, the level of cyber information sharing between the private and public sectors has drastically evolved in the last decade, and we’ve already seen progress with initiatives like CISA’s Shields Up program in the U.S. and the National Cyber Security Centre’s Cyber Assessment Framework in the UK.

There’s still work to do though, particularly around AI threats. While both sectors are keenly aware of how AI will continue to influence so many aspects of business and society, it’s important that the private sector not wait for the government to lead, and vice versa. As both sectors increase collaboration and AI-related information sharing, I expect to see more public-private partnerships in the year ahead.