- A string of high-profile cyber attacks in recent months has exposed vulnerabilities in the critical infrastructure of even advanced nations.
- This has reinforced the need for improved defences against actual, and potential, cyberattacks by all countries across continents.
AMERICA UNDER ATTACK
Several high-profile cyber attacks were reported from the United States during the past several months.
- Towards the end of 2020, for instance, a major cyberattack headlined ‘SolarWinds’, believed to have been sponsored from Russia — had rocked the U.S.
- It involved data breaches across several wings of the U.S. government, including defence, energy and state.
- Later in early 2021, thousands of U.S. organisations were hacked in an unusually aggressive cyberattack, by a Chinese group Hafnium.
- The group executed the attacks exploiting serious flaws in Microsoft’s software, thus gaining remote control over affected systems.
- U.S. has also witnessed three more major attacks-
- An audacious ransomware attack by Russia/East Europe-based cybercriminals, styled DarkSide, on Colonial Pipeline, which is the main supplier of oil to the U.S. East Coast.
- The siege was lifted after Colonial Pipeline paid out several million dollars as ransom to unlock its computers and release its files.
- Next, Russia-backed group, Nobellium, launched a phishing attack on 3,000 e-mail accounts, targeting USAID and several other organisations.
- Early this month, JBS SA, the U.S. subsidiary of a Brazilian meat processing company, was the target of a ransomware attack; the company also paid a ransom in millions.
NOW, CIVILIAN TARGETS
- Cyber, which is often referred to as the fifth domain/dimension of warfare, is now largely being employed against civilian targets, bringing the war into our homes.
- Most nations till date have been concentrating mainly on erecting cyber defences to protect military and strategic targets, but this will now need to change.
- Unlike previously where the banking and financial services were most prone to ransomware attacks, recently even oil, electricity grids, and health care are being increasingly targeted.
- Hence, defending critical civilian targets against cyberattacks is almost certain to stretch the capability and resources of governments across the globe.
ZEROING IN ON HEALTH CARE
- With data becoming a vital element in today’s world, personal information has become a vital commodity.
- Especially at this time, when a pandemic is raging, the number of cyberattacks on health-care systems is cause of worry.
- All indications are that cybercriminals are increasingly targeting a nation’s health-care system and trying to gain access to patients’ data.
- This available data aggravates the risk not only to the individual but also to entire communities.
- Today’s cybercriminals, specially those specialising in ransomware and similar attacks, are different from the ordinary run-of-the-mill criminals.
- They are becoming more sophisticated, and are now engaged in stealing sensitive data in targeted computers before launching a ransomware attack.
- Many are known to practise ‘reverse engineering’ and employ ‘penetration testers’ to probe high secure networks.
MOTIVATION BEHIND CYBERATTACKS
- Motivation for cyberattacks can be:
- for (some) nation states, the motivation is geopolitical transformation;
- for cybercriminals, it is increased profits;
- for terror groups, the motivation remains much the same, but the risk factor may be lower.
- However, it is ‘insider threats’, due to discontent with the management or for personal reasons that could well become an omnipotent reality.
NEED FOR DATA PROTECTION
- As data becomes the world’s most precious commodity, attacks on data and data systems are bound to intensify. Hence, cybersecurity essentially hinges on data protection.
- Reportedly, we create more than three quintillion bytes of data everyday— with several billion devices interconnected to billions of end point devices exchanging petabytes of sensitive data, on the network. This is only bound to grow.
- Ensuring data protection could hence, prove to be a rather thankless task, complicating the lives of Information and other security professionals.
- Nations that are adequately prepared — conceptually and technologically and have made rapid progress in artificial intelligence and quantum computing like technologies will have a clear advantage over states that lag behind in these fields.
- Building deep technology in cyber is essential. New technologies such as artificial intelligence, Machine learning and quantum computing, also present new opportunities.
- There is also a need to put pressure on officials in the public domain, as also company boards, to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.
The value of the data can be well understood from the quote by IBM Chairman, Arvind Krishna-Cybersecurity will be “the pressing issue of this decade” and that “value lies in the data and people are going to come after that data”.