With transformation of the digital landscape into a highly complex phenomenon, cyber attacks from state and non-state actors have continued to increase. While the use of new types of devices, networks and infrastructure has enabled countries and businesses to move forward with success, the involvement of the same has also exposed vulnerabilities in security systems, policies and practices. Foreign nations and organized crime groups use this form of asymmetrical warfare to target strategic or tactical resources involving government and corporate networks.
On the other hand, with the rise of extremism, a new type of cyber warfare threat is emerging. It involves terrorist groups deploying targeted malware to hunt down their opponents. While this phenomenon is relatively new, it could be the ideal time for governments and businesses to build preventive tools to avert any risk, which can only strengthen in the short to medium term. Employees of micro blogging website Twitter receiving threats following removal of suspicious accounts are well-documented, and it could be foolish on our part to weigh perpetrators’ capacity as not good enough to hack into social media servers to spread their propaganda.
These developments along with most of the major military powers being equipped with offensive cyber capabilities have made cyber warfare one of the most significant threats for national and international security. The future of data defense in cyber warfare risk management does not obviously portray an encouraging picture as an increasing number of states will acquire offensive capabilities. The importance of risk management in cyber warfare acquires added significance as NATO has recently declared that a large-scale cyber attack could potentially trigger a military response in the future. “The decision marks an expansion of the organization’s remit, reflecting new threats that can disable critical infrastructure, financial systems, and government without firing a shot.”
The US Computer Emergency Readiness Team is quoted to report that the number of reported breaches involving federal computer networks increased to 46,605 in 2013 from 26,942 in 2009. In 2013, the US reportedly notified 3,000 companies about cyber attacks. Menacingly, the number is believed to reflect “only a fraction of the true scale of cyberintrusions into the private sector.” Although the US spends $10 billion per year to secure its sensitive intellectual property, the effort is “being undermined by federal employees and contractors” and “the government is struggling to close holes without the knowledge, staff or systems to outwit an ever-evolving foe.”
From the perspective of risk management and future data defense, they show the importance of vigilant employees in mitigating cyber risks. Trained employees avoid opening attachments, clicking links spam emails, leaving their systems unattended, visiting virus-infected websites and using old passwords while untrained and negligent employees puts data at risk from cybercriminals and malevolent insiders. According to Assistant Secretary of Defense and cybersecurity adviser Eric Rosenbach, “We’ll always be vulnerable to… human-factor attacks unless we educate the overall workforce.”
Another important means to protect data breach involves identification of the most critical set of information that warrants utmost protection. It should be followed by an investigation leading to finding ways to protect it while it should be constantly monitored alongside a continuous assessment of the storage/network itself. This also involves entrusting the most efficient employee with the responsibility of guarding the most critical data set.
Although the traditional defenses – from using reputable antivirus software to monitoring accounts for suspicious activity – may not provide full protection against sophisticated attacks, implementing the industry best practices ensures early detection which, in turn, allows restricting the damage to the lowest minimum level. Some of the practices include closing the organization’s doors to malware, stressing how important securing data is, teaching the dangers of over-sharing in social networking websites and encouraging the culture of risk reporting.
It is not difficult to foresee that cyber attacks will become more common and sophisticated, aiming at large-scale damage. To enhance cybersecurity capabilities, businesses and governments must seek multinational and bilateral cooperation. While such cooperation will increase operational efficiency and help build contingency planning, technological innovations and expertise from the private sector will help ensure prosperity, security, and stability.
Risk Management Studio is a risk management toolkit combining information security and technology risk management with business continuity planning for one easy to use solution. RM Studio is a turnkey deployment design that will immediately streamline the operational risk management for the implementation and maintenance of an effective and efficient ISMS, as well as meet the compliance requirements outlined in management standards such as ISO 27001:2013 and GDPU, Cyber Essentials.