In the 21st Century, when international conflict is discussed, the topic of cyber warfare often comes up. Cybersecurity threats such as widespread data theft, ransomware attacks, and espionage can all do tremendous damage to both governments and businesses that are targeted.
What is Cyber Warfare?
Cyber Warfare occurs when nation-states or international groups “attack and attempt to damage another nation’s computers or information networks,” through means such as denial-of-service, viruses, and other wide-reaching attacks. Nation-state organizations can be official government groups or state-sponsored organizations such as the Lazarus group.
Cybersecurity in an International World
As international bodies interact, digital information is vital, but it also puts countries at risk when it falls into the hands of a malicious actor or rogue state. Research on weapons, demographic information, financial data, and the networks that handle integral services such as medical care and utility distribution can all be leveraged to cause harm.
Nations generally have official cybersecurity teams within their military, as well as connections with cybersecurity actors that operate within or in conjunction with their territory, and in alignment with their ideals.
For example, North Korea has what Kim Jong Un has described as his “warriors,” who used sophisticated cyber warfare techniques to steal over $2 billion as of 2019.
Nation-state backed cyberattacks can be difficult to attribute, as both the victim and the perpetrator may have a vested interest in not being acknowledged in the attack.
National Defense
Cyber attacks are a reality of modern international relations. The Center for Strategy and International Studies (CSIS) manages a list of significant attacks which is dishearteningly long. Hacking groups integrated within governments, such as Gamaredon, attack target nations to gather information and disrupt systems, and ideological fighters join conflicts based on their political affiliation. Digital attacks are often an opening salvo in a conflict, such as the cyberattacks that rattled Ukraine prior to Russia’s invasion.
With this reality in mind, countries take steps to protect themselves, with defense groups like the United Kingdom’s Ministry of Defense and the United States’ U.S. Cyber Command working to neutralize cyber attacks and monitor potential threats across the world. National Cybersecurity strategies generally emphasize increasing technical capabilities and shoring up defensive posture.
Cyber Warfare and Companies
It makes sense for national militaries to have an official stance regarding cyber warfare and defense, but private industries are not immune to these threats.
The international community has seen gas pipeline attacks and attacks on national banks. State-sponsored attackers tend to target areas where they can cause the most damage or gain valuable intelligence. These include organizations in the financial sector, research and development for tech companies, chip or weapon manufacturers, and acquisition companies.
There are also attacks on cultural or citizen-based organizations, such as the 2014 Sony hack, which Obama referred to as an act of cyber-vandalism. Breaching a vendor can sometimes be a pivot point to the main target, so smaller organizations working in volatile areas cannot assume a state-level actor won’t probe their defensive posture for weaknesses.
Protect Your Data
It is standard operating procedure for private organizations and agencies to have data security practices that include things like ongoing employee training and endpoint security software the can remotely wipe data from a stolen device. If the agency works in an unsettled market or area, or in an industry that is a prime target for politically motivated attacks, ensuring devices can be located , locked, and have their hard drives destroyed remotely is critical. Companies also need to verify that their vendors, partners, and contractors take the appropriate steps to protect their assets as well, with matching data privacy goals.
Unfortunately, instances of malicious attacks in shadow or cyber warfare are not likely to decrease in the coming years. Don’t assume that your organization is safe from state-sponsored attacks – take action today!