Hackers Are Fighting A Surrogate Cold War

The Cold War of the mid-twentieth century played out as a truly epic conflict. The US and the Soviet Union mobilised spies across the globe, supported proxy armies from the jungles of Southeast Asia to Central America, and deployed vast nuclear arsenals capable of annihilating life as we know it.
 
Many believe the US and Russia have returned to a Cold War footing, one that promises to re-imagine war. The peril from this new hybrid type of warfare incorporates cyber tactics focusing on soft targets designed to disrupt businesses, our economy and other areas of our society that were normally safe from adversaries.
 
As the primary theater of battle shifts online, the powerful deterrence offered by nuclear stockpiles has been undermined by software exploits, weaponized propaganda delivered through social media-oriented disinformation sites, and hackers-for-hire who can help even the most obscure splinter group destabilise a world power. Indeed, cyberattacks are the ultimate in asymmetric warfare, enabling both countries and non-state actors build robust offensive capability without spending great amounts of capital.
 
Compounding the problem, there is no national defense strategy to block attacks against the private sector. The nightmare scenarios of novelists can barely keep pace with the real possibilities of the new Cold War. In Ghost Fleet by August Cole and P. W. Singer, a fictional World War III sees hackers taking power plants offline, widespread disabling of foreign-manufactured smart devices, drones everywhere, and hidden backdoors in software creating havoc on the global economy. 
 
Meanwhile, the very same ideas are under intense discussion at West Point and Annapolis.
 
The Cyber Cold War isn’t just a matter for military and intelligence personnel to ponder. It can easily affect the life of any business. Personal financial information can be stolen and sold for profit by a crime ring, or used to finance a terrorist attack. 
A company’s intellectual property can be targeted by an industrial rival, or its systems sabotaged, or its stock price manipulated by a fake Twitter account, or its reputation and business relationships ruined through leaks and hoaxes.
 
Citizens can be disenfranchised by hacked voting systems that render polling places inoperable or change recorded votes. 
Cities can be imperiled by attacks on the electrical power grid, or on the systems controlling large dams, or even on the connected cars and smart homes that fill their streets and neighborhoods.
 
What can you do about it? In our interconnected world, the lines between espionage, war, and business can be all too blurry. If you run a business, work with sensitive data, or work in cybersecurity, you’re already considered fair game, and so are your customers.
 
Here are some practical defensive approaches regardless of the size of your business. 
 
• Use two-factor authentication everywhere you can. Weak passwords/password reuse is one of the biggest problems out there for any organization large or small, and using two factor authentication can significantly raise the effort required for attackers.
• Apply full-disk encryption for laptops and mobile devices to mitigate the risk posed by lost or stolen devices.
• Use public cloud services where you can. Microsoft, Google, and AWS field much larger security teams than most companies, put them to work to help protect your business.
• Secure your application layer. As sensitive information moves to the app layer, hackers follow; such attacks already account for 30% of successful breaches, according to Verizon, yet the majority of security budget is still allocated to the network. Defensive technologies for web applications and APIs are now critically important.
 
To keep your organisation out of the line of fire, you’ve got to take the threat seriously, be smart about your defensive strategy, and stay alert for new developments. After all, Cold War drama is best kept confined to the page or the screen, not the data center or boardroom.
 
HelpNetSecurity
 
You Might Also Read:
 
Is Cyber The Perfect Weapon?:
 
A New Cold War Will Not Be Based On Hardware:
 
« Security Flaws In Smart City Technology
Hackers Stealing High Grade Academic Research »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Cellebrite

Cellebrite

Cellebrite delivers comprehensive solutions for mobile data forensics and mobile lifecycle management.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

e.Kraal Innovation Hub

e.Kraal Innovation Hub

e.Kraal is a Cybersecurity Innovation Hub whose mission is to secure the future of Cybersecurity in Kenya by accelerating innovation and creativity in the cyberspace ecosystem.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

Tarlogic

Tarlogic

Tarlogic works to protect and defend your security with the highest quality technical team with next generation solutions to achieve the best protection.

Mindflow

Mindflow

Mindflow is dedicated to bringing answers to the challenges the cybersecurity field and beyond face today.