The impact of cyberwarfare
The impact of cyberwarfare on political organizations and critical infrastructure vendors is well-documented. What is considerably less discussed, however, is how and why large enterprises should prepare for politically-motivated cyber-intrusions. Where once warfare had clear rules and targets, modern cyberwarfare is completely anarchic and knows no boundaries.
For example, in 2015, the U.S. Department of Defense issued a warning that external nation-state adversaries were not only using APTs (advanced persistent threats) to compromise sensitive data held by government contractors, but also to steal confidential information from academic institutes. Top cybersecurity firm CrowdStrike gave a similar warning earlier this year, revealing that there has been a resurgence in attempts by Chinese hacking groups to break into the systems of U.S.-based enterprises — specifically including businesses in the pharmaceutical, hotel and telecommunication sectors.
The surge has made it critical for enterprise stakeholders to understand that no system or network can be 100% safe from a cyberassault and that organizations have to increasingly be vigilant and prepared for the new, not-so-apparent risks.
Why is cyberwarfare on the rise?
There are several reasons why non-nation and nation-state actors are investing in cyberwarfare, and today more than 140 nations have some kind of cyberweapon development initiative in place. Primarily, the attack method provides more bang for the buck than investment in traditional weapons. Sophisticated tactics like the use of persistent surveillance tools rely on human resources who can find a starting point by exploiting a day zero flaw, spearphishing or social engineering. Consequently, the skilled amongst these humans adapt, insert and monitor surveillance software in a victim’s network or system.
Gathering a crew to do all this is far more accessible and cheaper to nation-states. It enables politically-driven adversaries to carry out attacks without as much danger of being identified and without the consequences when they’re caught. In contrast, a single foreign-owned missile costs around $500 million plus launch equipment, and the executing crew is vulnerable to counterattacks.
Another attractive aspect of cyberwarfare is that it can’t be touched, seen or felt. Everything takes place in cyberspace, with attacks being insidious and invisible to most. This makes it challenging to attribute the infiltration, which opens up corporate theft to many adversaries who otherwise might have refrained from conducting illicit cyber-activities out of fear of being caught. By infiltrating an enterprise’s network an adversary can, with relative ease, siphon off enterprise data.
The great challenge for enterprise leaders is that current strategies for data protection tend to share the assumption that the rules of conventional attacks extend to cyberwarfare as well. Cyberwarfare has no rules and could involve a single person controlling a legion of unwitting systems, making it even more challenging to determine who is behind the attacks.
What happens if large enterprises don’t secure their data?
Although data security is top of mind for most enterprises in the wake of cyberwarfare, they’re still uncertain about their data protection practices. Chicago-based insurance vendor Hiscox surveyed over 4,100 organizations and found that only three out of 10 are prepared for a cyberattack. The same report informed the costs of inadequate protection reached as high as:
- $25 million for one incident in the U.S.
- $20 million for individual attacks in the UK and Germany
- $229 million for all attacks reported by the survey participants
The findings appear to suggest that the majority of enterprises probably don’t have adequate data security controls in place because they’re unaware of the type of attacks their networks and systems are vulnerable to. That’s why large corporations are stalled in the process of implementing appropriate security controls to secure the valuable data they possess.
But it is not just the costs themselves raising concerns for large enterprises — for the majority, there’s a risk that the trust people place in their products and cybersecurity controls will be broken if they report an intrusion. Options are limited because regulations like GDPR require organizations to report security-related intrusions to the relevant data security authority. In addition, compromised users must be informed, which serves as a reminder that corporations are entrenched in an escalating battle of attrition that demands a proactive response.
What steps must an enterprise take to combat cyberwarfare?
It’s hard to predict who the next cyberintrusions will target, but here are a few measures that large enterprises should consider taking to secure their data.
Invest in multiple security tools
Using firewalls, DLP (data loss prevention) and other damage reduction tools is the first step to deterring the attacks from foreign independent and state-sponsored hackers. Devices like network packet brokers can also be used to simplify the connection between multiple security implementations. Such devices facilitate mapping of data flows to security programs and offer fail-safe protection to the enterprise network in case any of the security tools malfunction. Moreover, users may be able to connect the tools redundantly to ensure enhanced security without compromising the availability of the network.
Create layered defenses
Even the best damage reduction tools have inherent vulnerabilities. This means it’s only a matter of time before a cybercriminal will discover an exploitable weakness. A countermeasure is to place multiple defense solutions between the hackers and their targets, and each solution must present a unique challenge to the attacker.
Deploying robust encryption and public key infrastructures (coupled with nested firewalls) at internal and external network boundaries is one example of a layered defense. The firewalls may facilitate more granular data filtering and threat identification.
Conduct risk assessments on a regular basis
Cyber-risk assessment is one of the critical factors that contribute towards the growth of your organization as it keeps the enterprise resilient from falling prey to cybercriminals. Ideally, there should be a separate department in your firm that is dedicated to mitigating the risk of data exposure. You can also recruit a security professional like a risk manager or information assurance analyst who specializes in the domain of cyberwarfare. These specialists will help your enterprise to carry out simulations and create data protection rules that reduce the overall risk exposure of your business.
With new technologies emerging at a considerably higher rate than in the past, unique threats will undeniably surface, and cyberwarfare will continue clogging news headlines for the foreseeable future. Therefore, it is paramount to consider defense mechanisms that can help identify and mitigate these threats before they impair data and affect massive numbers of people in a much more pervasive manner.
Effective security efforts to combat this malicious threat would be the first line of defense for larger enterprises. Additionally, private organizations can share information about ineffective and effective data protection techniques with public sector enterprises (and vice versa) to ensure everyone is in a position to respond more appropriately.
- CrowdStrike Annual Threat Report Details Attacker Insights and Reveals Industry’s First Adversary Rankings, CrowdSearch
- The World Cup of Cyber Warfare, Culture Trip
- Russia is luring international arms buyers with a missile system that costs much less than models made by American companies, CNBC
- 2018 HISCOX Small Business Cyber Risk Report ™, Hiscox