Hackers Are Fighting A Surrogate Cold War

Uploaded on 2018-09-27 in NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The Cold War of the mid-twentieth century played out as a truly epic conflict. The US and the Soviet Union mobilised spies across the globe, supported proxy armies from the jungles of Southeast Asia to Central America, and deployed vast nuclear arsenals capable of annihilating life as we know it.
 
Many believe the US and Russia have returned to a Cold War footing, one that promises to re-imagine war. The peril from this new hybrid type of warfare incorporates cyber tactics focusing on soft targets designed to disrupt businesses, our economy and other areas of our society that were normally safe from adversaries.
 
As the primary theater of battle shifts online, the powerful deterrence offered by nuclear stockpiles has been undermined by software exploits, weaponized propaganda delivered through social media-oriented disinformation sites, and hackers-for-hire who can help even the most obscure splinter group destabilise a world power. Indeed, cyberattacks are the ultimate in asymmetric warfare, enabling both countries and non-state actors build robust offensive capability without spending great amounts of capital.
 
Compounding the problem, there is no national defense strategy to block attacks against the private sector. The nightmare scenarios of novelists can barely keep pace with the real possibilities of the new Cold War. In Ghost Fleet by August Cole and P. W. Singer, a fictional World War III sees hackers taking power plants offline, widespread disabling of foreign-manufactured smart devices, drones everywhere, and hidden backdoors in software creating havoc on the global economy. 
 
Meanwhile, the very same ideas are under intense discussion at West Point and Annapolis.
 
The Cyber Cold War isn’t just a matter for military and intelligence personnel to ponder. It can easily affect the life of any business. Personal financial information can be stolen and sold for profit by a crime ring, or used to finance a terrorist attack. 
A company’s intellectual property can be targeted by an industrial rival, or its systems sabotaged, or its stock price manipulated by a fake Twitter account, or its reputation and business relationships ruined through leaks and hoaxes.
 
Citizens can be disenfranchised by hacked voting systems that render polling places inoperable or change recorded votes. 
Cities can be imperiled by attacks on the electrical power grid, or on the systems controlling large dams, or even on the connected cars and smart homes that fill their streets and neighborhoods.
 
What can you do about it? In our interconnected world, the lines between espionage, war, and business can be all too blurry. If you run a business, work with sensitive data, or work in cybersecurity, you’re already considered fair game, and so are your customers.
 
Here are some practical defensive approaches regardless of the size of your business. 
 
• Use two-factor authentication everywhere you can. Weak passwords/password reuse is one of the biggest problems out there for any organization large or small, and using two factor authentication can significantly raise the effort required for attackers.
• Apply full-disk encryption for laptops and mobile devices to mitigate the risk posed by lost or stolen devices.
• Use public cloud services where you can. Microsoft, Google, and AWS field much larger security teams than most companies, put them to work to help protect your business.
• Secure your application layer. As sensitive information moves to the app layer, hackers follow; such attacks already account for 30% of successful breaches, according to Verizon, yet the majority of security budget is still allocated to the network. Defensive technologies for web applications and APIs are now critically important.
 
To keep your organisation out of the line of fire, you’ve got to take the threat seriously, be smart about your defensive strategy, and stay alert for new developments. After all, Cold War drama is best kept confined to the page or the screen, not the data center or boardroom.
 
HelpNetSecurity
 
You Might Also Read:
 
Is Cyber The Perfect Weapon?:
 
A New Cold War Will Not Be Based On Hardware:
 
« Security Flaws In Smart City Technology
Hackers Stealing High Grade Academic Research »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.

Jumio

Jumio

Jumio’s end-to-end identity verification and authentication solutions fight fraud, maintain compliance and onboard good customers faster.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Pacific Cyber Security Operational Network (PaCSON)

Pacific Cyber Security Operational Network (PaCSON)

PaCSON is an operational cyber security network of regional working-level cyber security experts in the Pacific.

Red Goat Cyber Security

Red Goat Cyber Security

Red Goat Cyber Security have created excellent, informative and interactive Social Engineering Awareness training which is suitable for all levels of staff.

Custard Technical Services

Custard Technical Services

Custard provide Network Security for all types of businesses across many industries, helping to keep them safe and secure.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

Entech

Entech

Entech is a managed IT service provider. We work behind the scenes on your network to ensure data security and integrity.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.