Hackers Are Fighting A Surrogate Cold War

Uploaded on 2018-09-27 in NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The Cold War of the mid-twentieth century played out as a truly epic conflict. The US and the Soviet Union mobilised spies across the globe, supported proxy armies from the jungles of Southeast Asia to Central America, and deployed vast nuclear arsenals capable of annihilating life as we know it.
 
Many believe the US and Russia have returned to a Cold War footing, one that promises to re-imagine war. The peril from this new hybrid type of warfare incorporates cyber tactics focusing on soft targets designed to disrupt businesses, our economy and other areas of our society that were normally safe from adversaries.
 
As the primary theater of battle shifts online, the powerful deterrence offered by nuclear stockpiles has been undermined by software exploits, weaponized propaganda delivered through social media-oriented disinformation sites, and hackers-for-hire who can help even the most obscure splinter group destabilise a world power. Indeed, cyberattacks are the ultimate in asymmetric warfare, enabling both countries and non-state actors build robust offensive capability without spending great amounts of capital.
 
Compounding the problem, there is no national defense strategy to block attacks against the private sector. The nightmare scenarios of novelists can barely keep pace with the real possibilities of the new Cold War. In Ghost Fleet by August Cole and P. W. Singer, a fictional World War III sees hackers taking power plants offline, widespread disabling of foreign-manufactured smart devices, drones everywhere, and hidden backdoors in software creating havoc on the global economy. 
 
Meanwhile, the very same ideas are under intense discussion at West Point and Annapolis.
 
The Cyber Cold War isn’t just a matter for military and intelligence personnel to ponder. It can easily affect the life of any business. Personal financial information can be stolen and sold for profit by a crime ring, or used to finance a terrorist attack. 
A company’s intellectual property can be targeted by an industrial rival, or its systems sabotaged, or its stock price manipulated by a fake Twitter account, or its reputation and business relationships ruined through leaks and hoaxes.
 
Citizens can be disenfranchised by hacked voting systems that render polling places inoperable or change recorded votes. 
Cities can be imperiled by attacks on the electrical power grid, or on the systems controlling large dams, or even on the connected cars and smart homes that fill their streets and neighborhoods.
 
What can you do about it? In our interconnected world, the lines between espionage, war, and business can be all too blurry. If you run a business, work with sensitive data, or work in cybersecurity, you’re already considered fair game, and so are your customers.
 
Here are some practical defensive approaches regardless of the size of your business. 
 
• Use two-factor authentication everywhere you can. Weak passwords/password reuse is one of the biggest problems out there for any organization large or small, and using two factor authentication can significantly raise the effort required for attackers.
• Apply full-disk encryption for laptops and mobile devices to mitigate the risk posed by lost or stolen devices.
• Use public cloud services where you can. Microsoft, Google, and AWS field much larger security teams than most companies, put them to work to help protect your business.
• Secure your application layer. As sensitive information moves to the app layer, hackers follow; such attacks already account for 30% of successful breaches, according to Verizon, yet the majority of security budget is still allocated to the network. Defensive technologies for web applications and APIs are now critically important.
 
To keep your organisation out of the line of fire, you’ve got to take the threat seriously, be smart about your defensive strategy, and stay alert for new developments. After all, Cold War drama is best kept confined to the page or the screen, not the data center or boardroom.
 
HelpNetSecurity
 
You Might Also Read:
 
Is Cyber The Perfect Weapon?:
 
A New Cold War Will Not Be Based On Hardware:
 
« Security Flaws In Smart City Technology
Hackers Stealing High Grade Academic Research »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Crosspring

Crosspring

Crosspring is an incubator/accelerator for people who have the ambition to start a successful business or want to extend their existing business in the areas of FinTech, AR, VR, Cybersecurity and SaaS

High Wire Networks

High Wire Networks

High Wire Network’s Overwatch Managed Security Plaform-as-a-Service offers organizations end-to-end protection for networks, data, endpoints and users.

Global Cyber Risk (GCR)

Global Cyber Risk (GCR)

Global Cyber Risk is a technology and advisory services firm that provides first tier cybersecurity services to both large corporations and small and mid-sized businesses.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

Siege Technologies

Siege Technologies

Siege Technologies is a pioneer of multi-purpose cybersecurity products and services that enable customers to leverage both offensive and defensive technologies.

Yotta Infrastructure Solutions

Yotta Infrastructure Solutions

Yotta Infrastructure, a Hiranandani group company, provide Datacenter Colocation and Tech Services such as Cloud services, Network & Connectivity, IT Security and IT Management services.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Center for Cyber Security Studies & Research (CFCS2R)

Center for Cyber Security Studies & Research (CFCS2R)

CFCS2R's mission is to empower individuals, organizations, and governments with the knowledge and tools necessary to protect against cyber threats.

US Insider Risk Management Center of Excellence (US-InRM)

US Insider Risk Management Center of Excellence (US-InRM)

The US-InRM Center of Excellence is a nonprofit organization dedicated to promoting private, public, and academic partnerships to foster knowledge sharing and resources to mitigate insider risk.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.