Hackers Are Fighting A Surrogate Cold War

The Cold War of the mid-twentieth century played out as a truly epic conflict. The US and the Soviet Union mobilised spies across the globe, supported proxy armies from the jungles of Southeast Asia to Central America, and deployed vast nuclear arsenals capable of annihilating life as we know it.
 
Many believe the US and Russia have returned to a Cold War footing, one that promises to re-imagine war. The peril from this new hybrid type of warfare incorporates cyber tactics focusing on soft targets designed to disrupt businesses, our economy and other areas of our society that were normally safe from adversaries.
 
As the primary theater of battle shifts online, the powerful deterrence offered by nuclear stockpiles has been undermined by software exploits, weaponized propaganda delivered through social media-oriented disinformation sites, and hackers-for-hire who can help even the most obscure splinter group destabilise a world power. Indeed, cyberattacks are the ultimate in asymmetric warfare, enabling both countries and non-state actors build robust offensive capability without spending great amounts of capital.
 
Compounding the problem, there is no national defense strategy to block attacks against the private sector. The nightmare scenarios of novelists can barely keep pace with the real possibilities of the new Cold War. In Ghost Fleet by August Cole and P. W. Singer, a fictional World War III sees hackers taking power plants offline, widespread disabling of foreign-manufactured smart devices, drones everywhere, and hidden backdoors in software creating havoc on the global economy. 
 
Meanwhile, the very same ideas are under intense discussion at West Point and Annapolis.
 
The Cyber Cold War isn’t just a matter for military and intelligence personnel to ponder. It can easily affect the life of any business. Personal financial information can be stolen and sold for profit by a crime ring, or used to finance a terrorist attack. 
A company’s intellectual property can be targeted by an industrial rival, or its systems sabotaged, or its stock price manipulated by a fake Twitter account, or its reputation and business relationships ruined through leaks and hoaxes.
 
Citizens can be disenfranchised by hacked voting systems that render polling places inoperable or change recorded votes. 
Cities can be imperiled by attacks on the electrical power grid, or on the systems controlling large dams, or even on the connected cars and smart homes that fill their streets and neighborhoods.
 
What can you do about it? In our interconnected world, the lines between espionage, war, and business can be all too blurry. If you run a business, work with sensitive data, or work in cybersecurity, you’re already considered fair game, and so are your customers.
 
Here are some practical defensive approaches regardless of the size of your business. 
 
• Use two-factor authentication everywhere you can. Weak passwords/password reuse is one of the biggest problems out there for any organization large or small, and using two factor authentication can significantly raise the effort required for attackers.
• Apply full-disk encryption for laptops and mobile devices to mitigate the risk posed by lost or stolen devices.
• Use public cloud services where you can. Microsoft, Google, and AWS field much larger security teams than most companies, put them to work to help protect your business.
• Secure your application layer. As sensitive information moves to the app layer, hackers follow; such attacks already account for 30% of successful breaches, according to Verizon, yet the majority of security budget is still allocated to the network. Defensive technologies for web applications and APIs are now critically important.
 
To keep your organisation out of the line of fire, you’ve got to take the threat seriously, be smart about your defensive strategy, and stay alert for new developments. After all, Cold War drama is best kept confined to the page or the screen, not the data center or boardroom.
 
HelpNetSecurity
 
You Might Also Read:
 
Is Cyber The Perfect Weapon?:
 
A New Cold War Will Not Be Based On Hardware:
 
« Security Flaws In Smart City Technology
Hackers Stealing High Grade Academic Research »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

SAFECode

SAFECode

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights on creating, improving, and promoting effective software security programs.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce has partnered with Purdue University and Carnegie Mellon University to create the Rolls-Royce Cybersecurity Technology Research Network.

Seccuri

Seccuri

Seccuri is a unique global cybersecurity talent tech platform. Use our specialized AI algorithm to grow and improve the cybersecurity workforce.

Persona

Persona

At Persona, we’re humanizing online identity by helping companies verify that their users are who they say they are.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

Spera Security

Spera Security

Spera helps identity security professionals effectively and confidently measure, prioritize and reduce identity risk to better protect the organization from identity-based attacks.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.