Morten Kjaersgaard is the CEO of Heimdal Security, a leading European provider of cloud-based cybersecurity solutions based in Copenhagen, Denmark. He has a degree in Corporate Marketing and prior to Heimdal, he spent his years at the top of the IT industry as CCO of BullGuard LtD and CEO of a large Danish IT Reseller. Morten has previously been in several company boards and is a frequent event speaker and an Internet Security evangelist.
How are cybersecurity companies tackling the Russia-Ukraine crisis?
That depends on the business’s objective. Intelligence firms are working hard to find meaningful threat intelligence on Russian actions, while SOC teams are keeping an eye on the increasing volume of warnings.
At Heimdal, we are committed to remaining proactive, which we think is really the best strategy – not only in this particular scenario, but on a daily basis. Our product development team is constantly working on technology that will make it easier to monitor our clients’ environments and prevent attackers from infiltrating them in the first place.
Are we in danger of another Not-Petya-style attack?
NotPetya was an excellent example of how a cybersecurity threat may inflict real-world disruption in addition to enormous financial losses. I am certain that both parties involved in this war will do everything possible to undermine the opponent, so, unfortunately, another NotPetya remains a possibility.
How should businesses worldwide tackle cybersecurity in the context of this conflict?
Proactively, as previously mentioned. The number of security incidents had a huge spike in the last month, so it’s important to enhance their cybersecurity posture immediately. They also need to understand that, now more than ever, any company, regardless of size, can become a target.
Critical infrastructure and governmental entities are receiving help from CISA and other agencies. What can an average business do to defend against cyberattacks?
It is also critical to instill a security mindset into their employees. Enabling multi-factor authentication, using strong passwords, and knowing that phishing is still a prevalent attack vector, even for advanced adversaries, can all boost overall security.
Always prevent, because reacting implies that something bad has already happened.
What do you think is the main focus of cybercriminals these days – teaming up with Ukraine and attacking Russia or targeting businesses and individuals for their own profit?
At the moment, we’re seeing state-sponsored actors targeting each other, with the intention of obtaining an advantage in actionable intelligence about the other side. We definitely witnessed this with the imposter incident involving UK parliament members, but it is definitely something we will see in all major EU countries as well.
Nevertheless, there has also been a significant surge in attacks on private businesses, which are a crucial source of potential operational secrets as well as financial resources to support a conflict. Attacks on enterprises have already quadrupled since the fourth quarter of 2021, and we expect this to be only the beginning.
I recently heard that 30% of the Russian economy comes from cybercriminal activities such as ransomware as a service. Do the sanctions the West has imposed on Russia mean a decrease or an increase in Russian cybercrime activity?
We cannot know for sure what is the percentage, but Russia has, indeed, seen factory shutdown, mass unemployment, interest rates double, and the ruble collapse. As sanctions hamper Russia’s economy and US firms push the country into technological shadow, it is an option for the Kremlin to leverage Russian state hackers to use their skills for the advantage of the state. The implications of an uninhibited nation-state hacking activity can quickly build-up, thus every company, regardless of size, should tighten up their cyber defenses in this context.
What are the cybersecurity market’s tendencies in this period, as observed by Heimdal Security?
Generally, we are witnessing an increase in cybersecurity spending across the board. Governments in the EU and the United States are rightfully advocating for greater security measures at the national, municipal, and private levels. The current security scenario is terrible and demands significant investment and revision, as IT security is not always prioritized when budgets are created.
Do you expect to see any long-term effects on the cybersecurity market?
The cybersecurity market is expected to reach USD 376.32 billion by 2029, up from USD 155.83 billion in 2022, at a 13.4 percent CAGR during the same period. I’m confident that his war, just like the epidemic, will boost further development in the cybersecurity market – we actually forecast a 12-15 percent increase in that figure, bringing the CAGR closer to 15-16 percent.
Enterprises in Europe and the United States are typically eager to protect their financial interests, so with Russia’s digital threats significantly escalating, there is a strong tendency to ramp up their cybersecurity posture. As a result, rather than going for reactive solutions from multiple vendors, I anticipate a major interest in proactive, unified cybersecurity suites that can assist predict attacks throughout many layers of defense at a significantly lower cost.
A recent court case involving Merck and their insurer over coverage for Not-Petya damages found that cyberattacks are not “acts of war” as far as insurance coverage is concerned. How is this going to affect the cyber-insurance market?
According to FP, “The group of insurers that sold Merck its $1.75 billion of property insurance denied the company’s claim for NotPetya-related losses on the grounds that NotPetya was a <<hostile or warlike action>> of the sort excluded by the insurance policy. But in December 2021, in New Jersey, a judge ruled in favor of Merck, finding that the insurance exclusion did not apply to NotPetya and Merck was therefore owed the full amount of its claim. Merck argued in court that it believed the exclusion only applied to the “use of armed forces,” and the judge agreed that given the language in the exclusion, “Merck had every right to anticipate that the exclusion applied only to traditional forms of warfare.”
Therefore, in this case, the question is not whether a cyberattack is a “hostile or warlike action” or not, but whether Merck’s insurance policy defined what is an act of war or not and whether they were entitled to receive compensation based on that specific text.
Now, to answer the question of whether an insurer should pay the policyholder in case of a cyberattack in the context of the Russia-Ukraine crisis, we have to bear in mind that, even if the cyberattack is not considered an act of war, there is the cyberterrorism exception which, on most policies, simply defines it “quite broadly to include any attack against a computer system with the <<intent to cause harm>> in furtherance of <<social, ideological, religious, economic or political objective.>>, which, clearly, applies to the cyberattacks that the involved country may use. As a result, even if the war exclusion holds true to a particular incident, cyberterrorism exemption may allow coverage to be restored.
As the number of attacks increases, I am confident that the cyber insurance industry will expand as a result of the crisis in Ukraine and increasing activity from hostile actors. I think this will occur with a 2–3-month delay when compared to corporate spending.