David Critchley, Regional Director of UK and Ireland at the cyber platform Armis draws insights from new research to showcase the risk cyber warfare poses to democracy as well as society in a crucial election year.
The year 2024 will see half of the global population head to the polls. This includes elections in the US, Europe, Africa, India, and of course, the UK. While this should be a cause for celebration, the threat of cyber warfare is now jeopardising democracy.
The digital realm has erupted into an invisible war, where the UK is under constant attack. Yet, in this kind of warfare, everyone is on the front line; every company, every person. There are no borders. That’s what makes this such an effective form of warfare. It’s not simply about data breaches or financial gains either, these attacks are a calculated assault on public trust, aimed at destabilising economies, crippling entire systems and eroding the fabric of democracy.
A parliamentary committee accused the UK government of burying its head in the sand over the “large and imminent” national cyber threat it’s facing. Moreover, global tensions are only heightening this threat, with the National Cyber Security Centre (NCSC) recently exposing Russian intelligence services attempting to interfere in UK politics and its democratic processes.
Now, 37 per cent of IT leaders in the UK believe that cyber warfare could affect the integrity of an election, spiking significantly from those within the three major pillars of our society: government (60pc), healthcare (67pc) and financial services (71pc). Make no mistake, the nation is teetering on the precipice of a digital catastrophe. And democracy is in danger.
On a tightrope
The NCSC highlighted that all types of cyber threat actors – state and non-state, skilled and less skilled – are using and weaponising AI, amplifying their ability to cause harm and supercharging the volume and impact of cyber warfare. Combine that with the rising geopolitical tensions between the UK and Eastern Axis enemies, and we’re entering a very fragile situation.
Adding insult to injury, the Russian state has also played a proactive and malign role in attacking elections held in the West for years, which is why 45pc of UK organisations say that Russia poses a greater threat to global security compared to China. With the UK general elections expected sometime in November 2024, the nation needs the government to step up its cyber defences.
Yet, over half (52pc) of UK IT leaders lack faith in the government, believing it can’t defend its citizens and enterprises against an act of cyber warfare. What’s worse, it’s a significant change in sentiment compared to a year ago when 77pc of UK IT leaders had confidence in the government. It’s now simply failing in its first duty: “To keep citizens safe and the country secure”.
In addition, new research shows that 45pc also say cyberwar can result in cyberattacks on the media. Nothing is safe and the seeds of discord have been planted. From Russian-based disinformation campaigns spreading false content about the Princess of Wales on social media to China attacking UK lawmakers and the national election body, nation-threat actors are destabilising society and democracy is simply balancing precariously on a tightrope.
Despite this, almost half (46pc) of IT leaders say they’re unconcerned or indifferent about the impact of cyber warfare; a 13pc year on year increase. Yet, it’s not indifference but rather a result of being overwhelmed. A lack of automation has left 29pc of cybersecurity teams feeling overwhelmed, hindering security and IT professionals from effectively remediating or prioritising threats. Faced with a further deluge of information, the mounting pressure to maintain constant vigilance and a lack of resources, it’s easy to understand why some IT leaders are seemingly indifferent.
However, this is not an excuse for inaction. Especially with democracy on the line. If we’re to mitigate the threat of foreign interference within the electoral process – and avoid democracy being knocked off the tightrope – a proactive approach must be taken.
Matters into our own hands
In the face of these escalating threats, it’s crucial for the government and organisations to proactively rebuild national confidence by enhancing defensive cybersecurity strategies. And that starts with being able to see the entire attack surface. To effectively defend against cyber threats, you need to know what you’re up against. That’s why organisations must conduct a comprehensive assessment of their attack surface. This means mapping out all the entry points and vulnerabilities that could be exploited by bad actors and investing in technology that can help identify and monitor any threats.
With tens of thousands of physical and virtual assets connected to any organisation’s networks on an average day, and over 40 per cent remaining unmonitored, its time organisations start defending against current threats while also positioning themselves for the dynamic challenges and evolving vulnerabilities that lie ahead.
With that, it’s important to remember that not all vulnerabilities are created equal. In 2023, the cybersecurity community identified and dealt with an astonishing 65,000 unique Common Vulnerabilities and Exposures (CVEs), yet the patch rates for critical CVEs remained noticeably lower than others. Put simply, organisations are failing to prioritise the right vulnerabilities.
From a deluge of data and too many different tools being used to manage assets connected to a network, organisations must instead equip themselves with the right tools to combat cyber warfare. Implementing technology that can help teams understand and focus on the vulnerabilities affecting assets, particularly ones that are critical to the core function of the organisation, or are in a vulnerable context, is now a necessity for a robust cybersecurity posture.
Additionally, as cyber warfare tactics are constantly evolving, organisations must stay ahead of the curve with continuous threat intelligence. Solutions that act as an early warning system, using AI and machine learning to scan the dark web, whilst setting dynamic ‘honeypots’ for bad actors, provides actionable data ahead of vulnerabilities, attacks and impacts.
By combining these early warning systems with automation and other AI-powered solutions, security teams can proactively address threats. After all, nation-state actors are increasingly using AI for attacks, so it’s time to start using it for defence.
Building a digital defence
Global attack attempts more than doubled in 2023, increasing 104pc and, when combined with rising geo-political tensions, the UK has found itself in the crosshairs of bad actors, nation-state or otherwise. With 2024 being such a crucial year for democracy, it’s time organisations – as well as the government – come together to rebuild national trust. The time to act is now.
Starting with a robust investment in cybersecurity, with the deployment of AI-driven tech that can see, secure, protect and manage the billions of assets around the world in real-time will be key in an organisation’s cyber defence. If government and organisations take a proactive approach, then there’s a chance we can still shield democracy from the threat of cyber warfare.
