More than 70% of UK critical national infrastructure (CNI) providers have seen an increase in cyber-attacks since the start of the war in Ukraine, according to new research from Bridewell.
The security services provider polled over 520 security decision-makers in the communications, utilities, finance, government, and transport and aviation sectors in order to better understand their concerns and risk exposure to cyber-threats.
Perhaps unsurprisingly, given the surge in attacks since the war began in eastern Europe, 78% said they’re worried about the threat of cyber warfare against the UK’s CNI, and a quarter said they are concerned that their systems are vulnerable.
One in ten said they fear their team won’t be able to cope with such an attack.
Concerns are particularly heightened in the transport and aviation sector, where 93% of respondents said they are worried about the possibility of cyber warfare. Some 86% reported increased cyber-attack volumes in this sector since the start of the war, and 69% are worried their systems are vulnerable.
An HP report from 2021 warned that the world is closer than ever to a situation where cyber warfare spills over into a kinetic battle. Most (64%) of the experts the report’s author consulted during his research claimed that an escalation in digital tensions over the previous year was “worrying” or “very worrying.”
Their concerns appear well-founded, as Russia has launched repeated and widespread destructive attacks against Ukrainian targets during its botched invasion attempt.
Late last month, Microsoft revealed that Russia has launched at least 237 campaigns against Ukrainian targets, including wiper malware that threatens civilian welfare and “broad espionage and intelligence activities.”
Many have been timed to coincide with real-world physical military operations.
Martin Riley, director of managed security services at Bridewell, argued that CNI operators must collaborate more effectively to protect the societies they serve.
“Great progress has been made across the industry since the introduction of the NIS Regulations but it’s now imperative that organizations include threat intelligence in their cybersecurity strategies to strengthen resilience,” he added.
“Developing a culture of information sharing among peers and supply chains is key to protecting our infrastructure and citizens.”