RUSSIA’S invasion of Ukraine has caused disruptions across the global economy, from food to energy, but it has also prompted an increase in the number and sophistication of cyberattacks, exacerbating similar impacts from the Covid-19 pandemic.
According to a recent poll of 800 chief audit executives conducted by the UK-based Chartered Institute of Internal Auditors, 77 per cent of respondents thought the war had elevated cybersecurity and data-security risks.
Indeed, senior cybersecurity analysts have said that the invasion has been accompanied by a sustained cyber-conflict, with a large number of attacks and threats launched since February. On February 23, one day before Russia’s military forces invaded Ukraine, a wave of distributed denial-of-service attacks attributed to Russian hackers disabled Ukrainian government, military and bank websites.
That same day, US and UK intelligence agencies warned that a Russian state-backed hacker group known as Sandworm had created a new malware called Cyclops Blink. US government officials announced in April that they had disrupted the malware, but worries remain.
While cybersecurity officials say that Russia has primarily focused cyberattacks on Ukrainian companies and infrastructure, rather than on targets in the EU, the US or emerging markets, there are nevertheless concerns that cyber-conflict could spill over as the war progresses.
An example of this was seen in the February 24 cyberattack on Viasat, a US satellite communications provider used by the Ukrainian military. In May EU, UK and US officials blamed Russia for the attack, which affected customers not only in Ukraine, but also throughout Europe.
Covid-19 contributes to cyberthreats
The increased threat of cyberattacks builds on the already heightened cybersecurity environment triggered by the Covid-19 pandemic. As financial transactions increasingly migrated online over the past two years, businesses around the globe became targets for hackers.
According to security vendor SonicWall, ransomware attacks were up 105 per cent in 2021, including a 1,885 per cent increase in attacks on government agencies, 755 per cent in the health care sector, 152 per cent in education and 21 per cent in retail.
Indeed, OBG has previously detailed how the pandemic heightened cyberthreats to the education sector and emerging markets with large digital industries. This threat has continued into 2022, with leading Nigerian betting platform Bet9ja announcing in early April that its website had been hacked by the BlackCat group, a syndicate of Russian hackers not believed to be aligned with the state.
This followed a ransomware attack on Bank Indonesia, the country’s central bank, in January, which was ultimately unsuccessful in disrupting public services and did not result in critical data being leaked.
Meanwhile, on February 27 the website of television broadcaster CNN Philippines was shut down after a cyberattack while the network was hosting a presidential debate in the lead-up to the country’s May 2022 election.
Cryptocurrencies have provided similarly fertile ground for hackers around the world. A record US$14 billion in digital currencies were transferred to illegal addresses in 2021, according to blockchain data platform Chainalysis, up from US$7.8 billion in 2020.
With cyberattacks on the rise in recent years, several emerging markets have taken steps to bolster security.
In late May Saudi Arabia’s National Cybersecurity Authority launched the National Portal for Cyber Security Services (HASEEN), a body that aims to develop and manage cyber-services, support communication mechanisms and enhance cybersecurity capacities. Once it is fully rolled out, all government agencies will be able to access HASEEN, which planned to have the capacity to offer its services to more than 400 national entities by the end of 2022.
Earlier in the year Saudi Arabia launched the initiative Wamda, which aims to develop the leadership skills of female Saudi cybersecurity specialists.
The country’s approach to increase its flexibility and readiness in order to neutralise attacks as they evolve could provide an example for others in the region.
According to market research platform MarketsandMarkets, the cybersecurity market in the Middle East is projected to grow from US$20.3 billion in 2022 to US$44.7 billion in 2028.
Another country that has taken notable steps is Nigeria, which in June announced that it had created cybersecurity toolkits for more than 41m micro-, small and medium-sized enterprises. Many other emerging markets have indicated that they will develop their own national strategies in the coming months. For example, Kenya announced in June that it planned to develop strategies to protect its digital ecosystem.
Meanwhile, in a sign of the global importance being placed on the issue, last week international media reported that the US and the EU were developing plans to fund secure digital infrastructure in developing countries. The proposal marks the first time the US and EU will work together to fund and protect other countries’ critical infrastructure from cyberattacks. Initial projects are slated to take place in countries in Africa and Latin America.
Regional variations in cyber-risk
While cybersecurity awareness is rising globally, some regions remain at greater risk of attack than others.
According to the most recent Cyber Risk Index for the second half of 2021 – developed by Japanese multinational cybersecurity software company Trend Micro in partnership with the Ponemon Institute – Latin America recorded the highest level of risk, followed by Europe, North America and Asia Pacific, which was perceived to have the lowest threat. Africa was not included in the report.
Although the report noted that the global rise in cyberthreats in 2021 had largely stemmed from the pandemic and the increase in remote work, Latin America’s elevated risk was attributed to the lower level of perceived readiness of the region’s organisations when it came to responding to cyberattacks.
Last year the number of cyberattacks in Latin America increased by 600 per cent, according to cybersecurity company Fortinet. Mexico was the target of 54 per cent of the 289 billion attempted attacks, followed by Brazil (30.6 per cent), Peru (four per cent) and Colombia (3.9 per cent).
Elsewhere, Costa Rica has also experienced several waves of attacks in recent months, including 30 against public institutions in a single month earlier this year.
Africa is another region that is confronting elevated cyber-risk.
According to the Global Cybersecurity Index 2020, the most recent edition released by the UN’s International Telecommunication Union, just seven African countries were ranked in the top 50, three of which were in mainland sub-Saharan Africa.
As nations take stock of the risks and potential damages of cybercrime, it is expected to lead to greater demand for innovative solutions such as cyberinsurance. According to Vantage Market Research, the global market for cyberinsurance is projected to reach US$28.5 billion by 2028, up from US$7.5 billion in 2021.
This column was produced by the Oxford Business Group.