5 February 2019

Understanding The Implications Cyberwarfare Has On Your Cybersecurity Strategy

Baan Alsinawi

This past summer, President Trump eliminated certain Obama-era rules against cyberwarfare, reinvesting military officials with the power to carry out cyber attacks without the need for interagency discussions first. It would appear that the Trump administration's goal is to ensure that the U.S. is on equal footing with other world powers. On the surface, this sort of eye-for-an-eye kind of justice may seem reassuring until you consider the realities.

This type of policy change greatly increases the odds of a significant rise in cyber attacks and counterattacks.

This prospect should concern all risk management professionals across the globe, given the potentially devastating impact of such an escalation. A recent Wall Street Journal article regarding Russian hackers reaching U.S. utility control rooms illustrates the seriousness of this concern. The article reveals a national infrastructure replete with vulnerabilities.

While America’s military power remains dominant, the country would likely be unprepared for the ramifications of a serious cyber attack. To paraphrase the saying, those who live in glass houses should be careful of throwing stones at their neighbors.

To risk management professionals, a cyberwar escalation would initiate an unprecedented era of vulnerability, comparable to diving into uncharted waters without sufficient flotation devices. One could argue, correctly, that these realities were true before the new policy change. However, an acknowledgment of the considerable risks of escalation -- similar to the approach of nuclear non-proliferation efforts aimed at controlling the spread of a deadly weapon -- should accompany such a change.

NotPetya

We would be wise to remember the cautionary tale of the NotPetya malware, as detailed by Wired in an article published this past summer. It is a story about how hackers unleashed the "fastest-propagating piece of malware" ever upon Ukraine, and then ultimately the global stage, in June 2017. Referencing the server room of a small software company in Ukraine first attacked by NotPetya, the article observes that “for a moment in 2017, those machines served as ground zero for the most devastating cyberattack since the invention of the internet -- an attack that began, at least, as an assault on one nation by another.”

This hostile cyber attack reverberated across the globe and resulted in billions of dollars in business losses, as well as interrupted supply chains that led to shortages and other deleterious effects. This incident alone should give us a sense of the potentially catastrophic nature of inviting cyberwarfare escalations.

In our digitally connected world, our food supply, hospitals, ATMs and banks, and transportation systems are vulnerable to cyber attacks and could be used as weapons against helpless citizens who would become collateral damage in a cyberwarfare escalation.

As a security and risk professional, I know it’s important to provide clients with recommendations on how to be best prepared for such scenarios. At TalaTek, we advise businesses on what they must do to stay ahead of these threats, which can often be avoided with appropriate assessment, controls and monitoring.

The Importance Of Preparing For Potential Security Threats

Cyberwarfare shines a harsh spotlight on modern society’s dependence upon computers and reveals the extent to which they can be used for destruction. As risk management experts, it's our job to inform organizations within the public and private sectors on how to be proactive and prepare for the future. It’s imperative for organizations to take the necessary basic precautions now to provide a front line of defense for the future.

Risk management is critical to forming the basis of a sound and strategic cybersecurity program for organizations of all sizes. It is best accomplished through an initial risk assessment where data is identified, categorized and ranked according to the perceived impact on an organization should its data be exposed, lost or stolen. It is more about having the basics in place than about a program developed with fancy tools and splashy interfaces. For example, at a minimum, organizations should take the following seven steps to protect their data:

1. Set up multifactor authentication for users accessing your network.

2. Utilize access control to manage who gets access to what data.

3. Use encryption to protect data at rest and in transit.

4. Enable access to secure, encrypted backups.

5. Manage your vendors and partners accessing your systems.

6. Be sure to have in place disaster recovery and continuity of operations plans.

7. Engage cybersecurity frameworks and other regulatory controls to manage and monitor systems.

In conclusion, let’s return to NotPetya. Among other victims of that attack, global shipping giant Maersk took a major hit. According to Wired, "NotPetya cost Maersk between $250 million and $300 million." In the wake of this calamity, the company not only improved its cybersecurity but also turned it into a competitive advantage.

As risk management professionals struggle to convince corporations of the value of investing in cybersecurity, cases like Maersk present a clear cost-benefit analysis on the perils of ignoring the criticality of this function.
