Hackers Are Fighting A Surrogate Cold War

Uploaded on 2018-09-27 in NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The Cold War of the mid-twentieth century played out as a truly epic conflict. The US and the Soviet Union mobilised spies across the globe, supported proxy armies from the jungles of Southeast Asia to Central America, and deployed vast nuclear arsenals capable of annihilating life as we know it.
 
Many believe the US and Russia have returned to a Cold War footing, one that promises to re-imagine war. The peril from this new hybrid type of warfare incorporates cyber tactics focusing on soft targets designed to disrupt businesses, our economy and other areas of our society that were normally safe from adversaries.
 
As the primary theater of battle shifts online, the powerful deterrence offered by nuclear stockpiles has been undermined by software exploits, weaponized propaganda delivered through social media-oriented disinformation sites, and hackers-for-hire who can help even the most obscure splinter group destabilise a world power. Indeed, cyberattacks are the ultimate in asymmetric warfare, enabling both countries and non-state actors build robust offensive capability without spending great amounts of capital.
 
Compounding the problem, there is no national defense strategy to block attacks against the private sector. The nightmare scenarios of novelists can barely keep pace with the real possibilities of the new Cold War. In Ghost Fleet by August Cole and P. W. Singer, a fictional World War III sees hackers taking power plants offline, widespread disabling of foreign-manufactured smart devices, drones everywhere, and hidden backdoors in software creating havoc on the global economy. 
 
Meanwhile, the very same ideas are under intense discussion at West Point and Annapolis.
 
The Cyber Cold War isn’t just a matter for military and intelligence personnel to ponder. It can easily affect the life of any business. Personal financial information can be stolen and sold for profit by a crime ring, or used to finance a terrorist attack. 
A company’s intellectual property can be targeted by an industrial rival, or its systems sabotaged, or its stock price manipulated by a fake Twitter account, or its reputation and business relationships ruined through leaks and hoaxes.
 
Citizens can be disenfranchised by hacked voting systems that render polling places inoperable or change recorded votes. 
Cities can be imperiled by attacks on the electrical power grid, or on the systems controlling large dams, or even on the connected cars and smart homes that fill their streets and neighborhoods.
 
What can you do about it? In our interconnected world, the lines between espionage, war, and business can be all too blurry. If you run a business, work with sensitive data, or work in cybersecurity, you’re already considered fair game, and so are your customers.
 
Here are some practical defensive approaches regardless of the size of your business. 
 
• Use two-factor authentication everywhere you can. Weak passwords/password reuse is one of the biggest problems out there for any organization large or small, and using two factor authentication can significantly raise the effort required for attackers.
• Apply full-disk encryption for laptops and mobile devices to mitigate the risk posed by lost or stolen devices.
• Use public cloud services where you can. Microsoft, Google, and AWS field much larger security teams than most companies, put them to work to help protect your business.
• Secure your application layer. As sensitive information moves to the app layer, hackers follow; such attacks already account for 30% of successful breaches, according to Verizon, yet the majority of security budget is still allocated to the network. Defensive technologies for web applications and APIs are now critically important.
 
To keep your organisation out of the line of fire, you’ve got to take the threat seriously, be smart about your defensive strategy, and stay alert for new developments. After all, Cold War drama is best kept confined to the page or the screen, not the data center or boardroom.
 
HelpNetSecurity
 
You Might Also Read:
 
Is Cyber The Perfect Weapon?:
 
A New Cold War Will Not Be Based On Hardware:
 
« Security Flaws In Smart City Technology
Hackers Stealing High Grade Academic Research »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

Nextgen Group

Nextgen Group

Nextgen Group is a pioneering technology services group with innovative and unique services across enterprise software, cloud, data management, and cybersecurity solutions.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

Supra ITS

Supra ITS

Supra ITS is a leading full-service technology partner offering IT Consulting, Cloud Services, 24x7 Managed IT & Cybersecurity Services, and IT Project Support.

Sri Lanka CERT

Sri Lanka CERT

Sri Lanka CERT is the National Centre for Cyber Security, which has the national responsibility of protecting the nation’s cyberspace from cyber threats.

Ofcom

Ofcom

Ofcom is the UK's communications regulator. We regulate the TV, radio and video on demand sectors, fixed line telecoms, mobiles, postal services, plus the airwaves over which wireless devices operate.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

PayPal Ventures

PayPal Ventures

PayPal Ventures invests in companies at the forefront of innovation in fintech, payments, commerce enablement, artificial intelligence, blockchain and cryptocurrency, regulatory and cyber technology.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.

Xcede

Xcede

Xcede are global technology recruitment specialists. We connect companies with exceptional professionals who empower growth.

Cytacs

Cytacs

Cytacs is the AI-powered cyber security platform specifically designed for small and medium-scale enterprises.

Sola Security

Sola Security

Sola Security is a cyber security startup company currently in Stealth mode.