David Critchley, Regional Director of UK & Ireland at Armis draws insights from new research to showcase the risk cyberwarfare poses to democracy and society in a crucial election year.

2024 will see half of the global population head to the polls. This includes elections in the US, Europe, Africa, India, and of course, the UK. While this should be a cause for celebration, the threat of cyberwarfare is now jeopardising democracy.

The digital realm has erupted into an invisible war in which the UK is under constant attack. In this kind of warfare, everyone is on the front line; every company, every person. There are no borders. That’s what makes cyberattacks such an effective form of warfare. It’s not simply about data breaches or financial gains either, these attacks are a calculated assault on public trust, aimed at destabilising economies, crippling entire systems and eroding the fabric of democracy.

A parliamentary committee accused the UK government of burying its head in the sand over the “large and imminent” national cyber threat it’s facing. Moreover, global tensions are only heightening this threat, with the National Cyber Security Centre (NCSC) recently exposing Russian intelligence services attempting to interfere in UK politics and its democratic processes.

Now, 37% of IT leaders in the UK believe that cyberwarfare could affect the integrity of an election, spiking significantly from those within the three major pillars of our society: government (60%), healthcare (67%) and financial services (71%). Make no mistake, the nation is teetering on the precipice of a digital catastrophe.  And democracy is in danger.

Democracy on a tightrope

The NCSC highlighted that all types of cyber threat actors – state and non-state, skilled and less skilled – are using and weaponising AI, amplifying their ability to cause harm and supercharging the volume and impact of cyberwarfare. Combine that with the rising geopolitical tensions between the UK and Eastern Axis enemies, and we’re entering a very fragile situation.

Adding insult to injury, the Russian state has also played a proactive and malign role in attacking elections held in the West for years, which is why 45% of UK organisations say that Russia poses a greater threat to global security compared to China. With the UK general elections expected sometime in November 2024, the nation needs the government to step up its cyber defences.

The UK needs to step up and defend its elections

Yet, over half (52%) of UK IT leaders lack faith in the government, believing it can’t defend its citizens and enterprises against an act of cyberwarfare. What’s worse, it’s a significant change in sentiment compared to a year ago. Then, 77% of UK IT leaders had confidence in the government. It’s now simply failing in its first duty: “To keep citizens safe and the country secure”.

In addition, new research shows that 45% also say cyberwar can result in cyberattacks on the media. Nothing is safe. Bad actors have already planted tbhe seeds of discord. From Russian-based disinformation campaigns spreading false content about the Princess of Wales on social media to China attacking UK lawmakers and the national election body, nation-threat actors are destabilising society and democracy is simply balancing  precariously on a tightrope.

Despite this, almost half (46%) of IT leaders say they’re unconcerned or indifferent about the impact of cyberwarfare; a 13% YOY increase. However, it’s not indifference. It’s a result of being overwhelmed. A lack of automation has left 29% of cybersecurity teams feeling overwhelmed, hindering security and IT professionals from effectively remediating or prioritising threats. Faced with a further deluge of information, the mounting pressure to maintain constant vigilance and a lack of  resources, it’s easy to understand why some IT leaders are seemingly indifferent.

However, this is not an excuse for inaction. Especially with democracy on the line. If we’re to mitigate the threat of foreign interference within the electoral process – and avoid democracy being knocked off the tightrope – we must take a more proactive approach.

Taking matters into our own hands

In the face of these escalating threats, it’s crucial for the government and organisations to proactively rebuild national confidence by enhancing defensive cybersecurity strategies. And that starts with being able to see the entire attack surface.

To effectively defend against cyber threats, you need to know what you’re up against. That’s why organisations must conduct a comprehensive assessment of their attack surface. Do to this, they must map all the entry points and vulnerabilities that bad actors could exploit. Most importantly, they need to follow mapping with investment into technology that can help identify and monitor any threats.

With tens of thousands of physical and virtual assets connected to any organisation’s networks on an average day, and over 40% remaining unmonitored, its time organisations start defending against current threats while also positioning themselves for the dynamic challenges and evolving vulnerabilities that lie ahead.

A complex, thorny problem

With that, it’s important to remember that not all vulnerabilities are created equal. In 2023, the cybersecurity community identified and dealt with an astonishing 65,000 unique Common Vulnerabilities and Exposures (CVEs), yet the patch rates for critical CVEs remained noticeably lower than others. Put simply, organisations are failing to prioritise the right vulnerabilities.

From a deluge of data and too many different tools for managing assets connected to a network, organisations must instead equip themselves with the right tools to combat cyberwarfare. Implementing technology that can help teams understand and focus on the vulnerabilities affecting assets, particularly ones that are critical to the core function of the organisation, or are in a vulnerable context, is now a necessity for a robust cybersecurity posture.

Additionally, as cyberwarfare tactics are constantly evolving, organisations must stay ahead of the curve with continuous threat intelligence. Solutions that act as an early warning system, using AI and machine learning to scan the dark web, whilst setting dynamic ‘honeypots’ for bad actors, provides actionable data ahead of vulnerabilities, attacks and impacts.

By combining these early warning systems with automation and other AI-powered solutions, security teams can proactively address threats to elections. After all, nation-state actors are increasingly using AI for attacks, so it’s time to start using it for defence.

Building a digital defence

Global attack attempts more than doubled in 2023, increasing 104% and, when combined with rising geopolitical tensions, the UK has found itself in the crosshairs of bad actors, nation-state or otherwise. With 2024 being such a crucial year for democracy, it’s time organisations – as well as the government – come together to rebuild national trust. The time to act is now.

Starting with a robust investment in cybersecurity, coupled with the deployment of AI-driven tech that can see, secure, protect and manage billions of assets around the world in real-time will be key in an organisation’s cyber defence. If government and organisations take a proactive approach today, then there’s a chance we can still shield democracy from the threat of cyberwarfare.

  • Cybersecurity

Related Stories

We believe in a personal approach

By working closely with our customers at every step of the way we ensure that we capture the dedication, enthusiasm and passion which has driven change within their organisations and inspire others with motivational real-life stories.