Russia’s invasion of Ukraine in early 2022 has caused disruptions across the global economy, from food to energy, and prompted an increase in the number and sophistication of cyberattacks – exacerbating similar impacts from the Covid-19 pandemic.
According to a poll of 800 chief audit executives conducted by the UK-based Chartered Institute of Internal Auditors, 77% of respondents thought the war had elevated cybersecurity and data-security risks. Senior cybersecurity analysts have said that the invasion has been accompanied by a sustained cyber-conflict, with a large number of attacks and threats launched since the start of the war.
On February 23, 2022, one day before Russia’s military forces invaded Ukraine, a wave of distributed denial-of-service attacks attributed to Russian hackers disabled Ukrainian government, military and bank websites. That same day, US and UK intelligence agencies warned that a Russian state-backed hacker group known as Sandworm had created a new malware called Cyclops Blink. Although US government officials announced in April 2022 that they had disrupted the malware, worries remain.
While cybersecurity officials say that Russia has primarily focused cyberattacks on Ukrainian companies and infrastructure, rather than on targets in the EU, the US or emerging markets, there are nevertheless concerns that cyber-conflict could spill over as the war progresses. An example of this was seen in the February 2022 cyberattack on Viasat, a US satellite communications provider used by the Ukrainian military. EU, UK and US officials blamed Russia for the attack, which affected customers not only in Ukraine, but also throughout Europe.
Covid-19 & Cyberthreats
The increased threat of cyberattacks builds on the already heightened cybersecurity environment triggered by the Covid-19 pandemic. As financial transactions have increasingly migrated online since the outbreak of Covid-19, businesses around the globe have become targets for hackers. According to a 2022 report from security vendor SonicWall, global ransomware attacks were up 105% in 2021, including a 1885% increase in attacks on government agencies, with health care (755%), education (152%) and retail (21%) entities also seeing a notable rise in breaches.
The rapid adoption of digital solutions over the course of the pandemic heightened cyberthreats to the education sector and emerging markets with large digital industries. This threat has continued into 2023 and beyond. For example, leading Nigerian betting platform Bet9ja announced in early April that its website had been hacked by the BlackCat group, a syndicate of Russian hackers that is not believed to be aligned with the government.
This followed a ransomware attack in January 2022 on Bank Indonesia, that country’s central bank, which was ultimately unsuccessful in disrupting public services and did not result in critical data being leaked. Meanwhile, in February of that year the website of television broadcaster CNN Philippines was shut down after a cyberattack while the network was hosting a presidential debate in the lead-up to the country’s May 2022 election.
Cryptocurrencies have provided similarly fertile ground for hackers around the world. A record $14bn in digital currencies were transferred to illegal addresses in 2021, according to blockchain data platform Chainalysis, up from $7.8bn in 2020.
Security Measures
With cyberattacks on the rise in recent years, several emerging markets have taken steps to bolster security. In late May 2022 Saudi Arabia’s National Cybersecurity Authority launched the National Portal for Cyber Security Services (HASEEN), a body that aims to develop and manage cyber-services, support communication mechanisms and enhance cybersecurity capacities. Once it is fully rolled out, all government agencies will be able to access HASEEN, which planned to have the capacity to offer its services to more than 400 national entities by the end of 2022. Earlier in the year Saudi Arabia launched the initiative Wamda, which aims to develop the leadership skills of female Saudi cybersecurity specialists. The country’s approach to increase its flexibility and readiness in order to neutralise attacks as they evolve could provide an example for others in the region. According to market research platform MarketsandMarkets, the cybersecurity industry in the Middle East is projected to grow from $20.3bn in 2022 to $44.7bn in 2028.
Nigeria has also taken notable steps to improve its cybersecurity. In June 2022 it announced that it had created cybersecurity toolkits for more than 41m micro-, small and medium-sized enterprises. Many other emerging markets have indicated they will develop their own national strategies in the near term. For example, that same month Kenya announced that it planned to develop strategies to protect its national digital ecosystem.
In a sign of the global importance being placed on the issue, in June 2022 international media reported that the US and the EU were developing plans to fund secure digital infrastructure in developing countries. The proposal marks the first time the two will work together to fund and protect other countries’ critical infrastructure from cyberattacks. Initial projects are slated to take place in Africa and Latin America.
Regional Variations
While cybersecurity awareness is growing, some regions remain at greater risk of attack than others. According to the Cyber Risk Index for the first half of 2022, North America had the highest risk, followed by Asia Pacific, Latin America and Europe. Africa was not included in the report. Although the report noted a global increase in cybersecurity concerns in 2022, North America’s elevated risk was attributed to the lower level of perceived readiness of the region’s organisations when it came to responding to cyberattacks. Latin America saw a 50% increase in attempted attacks in the first half of 2022, compared to the same period in 2021, according to cybersecurity company Fortinet.
Meanwhile, in Africa, there has been a rise in reports of malicious cyber-activities in the form of losses from digital fraud and illicit financial flows, as well as national security breaches and sabotaged public infrastructure. There are several strategic areas of interest that could be targeted to reinforce the continent’s cybersecurity preparedness, including investing in technologies to detect and mitigate crime, committing to the enforcement of robust legislation that protects digital rights and cyber-activities, ensuring stronger implementation and better coordination in places where cybersecurity strategies are already in place, and increasing awareness campaigns so internet users are cognizant of cyberthreats and can adopt preventive measures.
Read More from OBG
