As the world is quickly learning, a country does not need to be physically bordered by enemies to be in the crosshairs of cyber threats, and more specifically of cyberwarfare.
Cyberwarfare is a low-cost, extremely effective form of asymmetric warfare and, as recent events have shown, it’s about to become a lot more prevalent. Unlike traditional physical warfare, cyberwarfare has no real borders or rules of engagement. The more that aggressors adopt cyberwarfare as a primary attack method in international conflicts, the more it will affect business operations, foreign policy, internal policy and even the day-to-day operations of critical infrastructure.
Cyberwarfare is a serious issue for all modern nations, and they must act now to secure their people, resources and economies. It's time to take the threat of cyberwarfare seriously.
Why now is the time
Gartner analysts predict that by 2025, cyber attackers will have weaponized operational technology (OT) environments to successfully harm or kill humans. While this may seem extreme, it underscores a trend in cyberwarfare that security leaders are already clearly seeing, as threat actors move from reconnaissance and espionage to using cyberwarfare tools to cause harm to organizations, infrastructure or even people.
In February 2021, a hacker attempted to poison the water supply facility of a small U.S. city in Florida via remote access. Fortunately, the attempt was thwarted in time and the public was not in immediate danger — but they could have been.
Proactive defense is the responsibility of every business and organization, and what research has found is worrying. A recent survey found that 54% of respondents worldwide experienced an increase in threat activity last year. One-third of global respondents said they're indifferent or unconcerned about cyberwarfare, while a quarter feel they are unprepared to handle this kind of threat. Across the board, these numbers are too high and create major security gaps.
As the threat landscape continues to evolve, business and IT leaders must understand the attack surface and the potential cyberweapons out there so that they can improve their own cybersecurity posture and thwart such attacks. Doing so is vital to the safety and success of businesses, their employees and society overall.
Tips for proactively mitigating and preparing for cyberwarfare threats
If there’s one overarching lesson to use as a guide, it is this: security leaders can’t protect what they can’t see. This is true in both physical warfare and cyberwarfare.
From a critical infrastructure and operational technology (OT) standpoint, seeing all of the connected assets within an organization is a lot more challenging than with enterprise IT, and the stakes of an attack are much higher. That visibility should be comprehensive, including IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS) and 5G. Network device visibility and real-time asset management are especially important in an era of rising cyberwarfare threats.
In addition to increasing visibility in organizational networks at the foundational level, there are a number of other steps that organizations can take today to proactively shore up their defenses.
Create an incident response plan
Regardless of the tools and techniques an organization chooses to put in place, an incident response plan is an essential component. This details the process used by IT staff to manage the aftermath of a security breach. The main goal is to limit the damage and reduce recovery time. It is often good practice for an organization to put a specialist incident response team on retainer to reduce the cost and increase the speed of recovery. Automated incident response solutions can also be very effective at making the process far more efficient, fast and precise — reducing damage, costs and downtime.
Use islanding or isolation strategies to minimize impact
Once an attack has been detected, minimizing the impact is essential. Islanding or isolation is the predominant strategy for most organizations and allows incident responders to isolate individual machines from the rest of the network.
Examine backup strategy and processes
A good backup strategy and process is a primary line of defense against nation-state attacks and cybercriminals. Backup solutions help ensure that the organization can recover quickly in case of an attack. They should include continuous monitoring and integrity checking.
Security starts with people
Security leaders must ensure that everyone within their organization receives security awareness training. Employees should be regularly trained on how to identify malicious email traffic, and IT should provide easy-to-use reporting mechanisms. Leaders should increase security and risk management across the board, rather than just protecting the most critical assets.
Learn from overseas organizations
Organizations globally should look at what other countries are doing to shore up their defenses. Any cyberattack overseas should be seen as a weapons test for what could happen anywhere else. What is effective in responding to such attacks can help inform how organizations should focus their resources to minimize the fallout from future attacks.