Sonali Shah
In 2012, the FBI noted that organized cybercrime would soon replace terrorism as the number one threat to America. Ten years later, cyberwarfare is a mainstay in the digital battlefield, and we see it unfolding in real time. As tensions between Ukraine and Russia came to a boiling point in early 2022, all eyes in the security community turned toward cyberattacks—with good reason.
In March 2022, a damaging and sophisticated cyberattack hit Ukraine's biggest fixed-line telecommunications company, Ukrtelecom, severely disrupting its connectivity on a national scale. At that time, research from Ukraine's Computer Emergency Response Team (CERT) revealed that there had been 60 coordinated cyberattacks, the majority of which have focused on information gathering and bringing down communication services. Cyber espionage is here to stay.
With geopolitical heat fueling the fire (you can't have cyberwar without politics, after all), governments and organizations alike need to step up their game and enter the digital war with the right army, modernized weapons and the best agile strategies for maintaining a secure software landscape.
There are a number of ways in which cyberattacks are different from conventional warfare. Let's review why these attacks are so detrimental to national security and what steps you can take to mitigate them.
Cyberwar has completely changed the battlefield. It is cheaper to execute and harder to attribute than physical warfare. Cyberwar levels the playing field. It costs the same to attack your neighboring nation as it does an enemy across the globe—and even countries with relatively poor financial standing can participate.
Many attackers take a low-and-slow approach, requiring very little bandwidth and generating traffic that is hard to distinguish from normal traffic. Once in, attackers can penetrate connected networks and applications—where they can linger for months, disrupting communications systems and stealing sensitive information like satellite images of troops or weapon locations.
These activities can take a while to detect; Verizon estimates in its Cyber-Espionage Report that discovery time for cyber espionage-related breaches is months to years, while containment time spans hours to weeks.
Skilled attacks are hard to attribute, making it difficult to retaliate. Unlike conventional war, bad actors don't even need to be physically present if they want to do serious damage. Terrorist organizations may even take credit for a cyberattack they did not commit just for credibility.
The damage of conventional warfare is calculated based on lives lost and the effort to rebuild, both of which can be estimated with fairly accurate data. However, the impact of cyberwar can be significant. According to an IBM report, the global cost of a data breach in the public sector grew by nearly 79% between 2020 and 2021, and in 2021, the average price of a breach was the highest in the report's history at just over $4 million.
Additional research from Crowdstrike's 2022 Global Threat Report shows that adversaries are adapting quickly. Crowdstrike added 21 new adversaries to its list of more than 170 tracked actors in 2021, highlighting an 82% increase in data leaks related to ransomware. Crowdstrike also confirmed that preferred exploitation methods by actors from China are shifting to focus heavily on exploitable vulnerabilities in internet-facing services and devices. The global digital war rages on.
Keeping yourself (and your business) safe in the cyberwar of today.
Exploiting vulnerabilities is the tip of the iceberg; cyberwarfare can wipe out critical infrastructure that entire nations rely on, such as air traffic control systems, energy sources and voting systems. If attackers get in, they can potentially hack weapons systems and initiate physical attacks through software.
I think we can safely assume that cyberattacks for political purposes will grow in size and frequency with an increasingly difficult recovery. Take the 2020 hack involving SolarWinds, for example. According to a Reuters report, SolarWinds said it spent at least $18 million in the first three months of 2021 alone investigating and remediating the incident. The majority of cyber espionage campaigns are challenging to respond to quickly, as 30% of attackers can steal their target data in mere minutes, according to research from Verizon.
Attacks on web applications are involved in 43% of breaches. There's no shortage of risk when you're designing, building and deploying software. Fortunately, there are ways for businesses and government agencies to mitigate this risk.
• Reduce risk by knowing your attack surface. This includes the full list of your applications and APIs, technology stack, business partners and employees. It's vital to regularly discover changes to your attack surface; you can't secure what you don't know about.
• Change must begin with top-down directives from leadership to foster a security culture. Whether it is not sharing passwords, locking your laptop when leaving your desk or learning secure coding practices, security must be built into the everyday life of your employees. Securing your digital attack surface is no easy task, and change will not be sustainable if it isn't part of the corporate culture.
• For companies that produce their own software—which is nearly every company these days—proactively and continuously improve your security hygiene throughout the application development lifecycle. Look to adopt DevSecOps practices and automated tools so that security and development teams can keep pace with one another.
Mitigating risk to thwart digital criminals in this new normal.
The reach of cyberwarfare is far and wide. Unlike conventional warfare, there is no clear beginning or end. The bad guys, whether nation-states or terrorist organizations, are continuously attacking. While many attacks may be unsuccessful, it only takes one to cripple a nation.
Organizations—public and private—must be proactive in securing their number one attack vector: web applications and APIs. Reducing risk by understanding your attack surface and adopting a culture of security alongside rapid vulnerability remediation is the only intelligent strategy to safeguard your web applications. With those efforts in place, you should have the foundational fortitude to stay one step ahead of malicious actors who look to manipulate the software on the modern battlefield.
No comments:
Post a Comment