War and Cyber Security
Much has been said about the ongoing conflict and its impact on geopolitics and global markets. What does all this mean for cyber security? Do we have to worry about it? Are we really prepared for it? Do we have enough time and resources to prepare for it? Let's have a look. Your thoughts are most welcome.
Stage
As the world becomes more turbulent and testosterone runs high on all sides, no weapon is off the table, including nukes. The most visible weapon being used against Russia is sanctions. What is not being said, and might remain a secret spy story for years to come, is how the cyber war unfolded and helped tilt the war to one side. If Enigma was the highlight of WW2 and honey trapping that of the Cold War, then DDoS, ransomware, trojans, social engineering and attacks on the supply chain might see a spike in the coming days. It might start with a targeted attack, but the fallout may reach others.
Base
Stuxnet. Pegasus. WannaCry. NotPetya. Do I need to say more? If you are not aware of these, a simple Google search on their back stories will take you where I want to lead you.
Actors
Participants: As things escalate, we can expect more targeted attacks. The worst may come if governments start allowing, incentivizing or turning a blind eye to non-state actors targeting their enemies. Everything is fair in love and war, and this is WAR.
Opportunists: If you haven't read the story of "Two cats and the monkey", do it. While others are in chaos, some of those who are not part of the conflict may start using the situation to their own advantage. We can expect the same from state, non-state and state-sponsored elements, who will try to take advantage of the situation. Clickbait and malware might be spread in the guise of calls for donations, news, exclusive videos and so on. In this age of viral content and peer-to-peer sharing, coupled with the negligible thought users give to the authenticity of a source, this will have a huge impact in a short time.
Fire
Social Engineering and Phishing: Be it end users or corporate employees, all will be targets of this cyberwar. Mobile devices and emails will be the direct targets. A new crop of news and donation websites will also sprout to spread malware. It is high time users and employees were regularly alerted about such attacks. They should be reminded to validate authenticity before clicking any link, opening any file or visiting an unverified or too-tempting website.
Supply Chain: If you use open source software, you need to be extra careful, as anybody can create or contribute to open source projects. I am not saying open source software is less secure than closed source. What I mean is that you should be extra vigilant about picking projects that have seen a sudden increase in contribution (importantly from new users) or projects that are not maintained by credible sources. Never skip scanning the code yourself. Subscribe to alerts for the technologies you use, including proprietary components (software or hardware).
IT Infra: Your web portals, web services, mobile apps and any other interfaces that are connected to the external world should be closely monitored, and no warning should be ignored. The lesson to learn from the Stuxnet episode is that even if you were not the target, you can still become a casualty of the conflict. If you are using public clouds, talk to your cloud provider and understand your responsibilities, understand what protection mechanisms they have and how you can protect your infrastructure. With the level of market turmoil, you might be able to get a better deal from your cloud provider.
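The Supply Chain check above (a sudden increase in contribution, importantly from new users) can be approximated from a project's commit history. This is an added example, not part of the original article; the function name, thresholds and sample log are assumptions, and the input is assumed to have the shape of `git log --format='%aI|%ae'` output.

```python
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample in the shape of `git log --format='%aI|%ae'` output.
SAMPLE_LOG = """\
2022-01-04T10:00:00+00:00|alice@example.org
2022-01-18T09:30:00+00:00|bob@example.org
2022-02-02T11:00:00+00:00|alice@example.org
2022-02-20T16:45:00+00:00|bob@example.org
2022-03-07T08:15:00+00:00|alice@example.org
2022-03-21T13:00:00+00:00|bob@example.org
2022-04-03T10:00:00+00:00|alice@example.org
2022-04-05T22:10:00+00:00|new1@example.net
2022-04-06T23:40:00+00:00|new2@example.net
2022-04-08T01:05:00+00:00|new1@example.net
2022-04-09T02:30:00+00:00|new3@example.net
"""

def newcomer_spikes(log_text, factor=2.0, share=0.5, min_history=2):
    """Return (month, commits, commits_by_first_time_authors) for months that
    look like a sudden, newcomer-driven jump in activity. Thresholds are
    assumptions to tune per project; a hit means "review", not "malicious"."""
    commits = []
    for line in log_text.splitlines():
        stamp, sep, email = line.strip().partition("|")
        if sep:  # skip blank or malformed lines
            commits.append((datetime.fromisoformat(stamp), email.lower()))
    commits.sort()
    first_seen = {}  # author -> month of their first commit
    for when, email in commits:
        first_seen.setdefault(email, when.strftime("%Y-%m"))
    total, fresh = Counter(), Counter()
    for when, email in commits:
        month = when.strftime("%Y-%m")
        total[month] += 1
        fresh[month] += first_seen[email] == month
    flagged, months = [], sorted(total)
    for i, month in enumerate(months):
        history = [total[m] for m in months[:i]]  # months with commits only
        if len(history) < min_history:
            continue  # not enough baseline to judge
        if (total[month] >= factor * median(history)
                and fresh[month] / total[month] >= share):
            flagged.append((month, total[month], fresh[month]))
    return flagged

if __name__ == "__main__":
    print(newcomer_spikes(SAMPLE_LOG))
```

A flagged month is a prompt to read those commits and check who the new authors are before adopting or upgrading the project.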
Action
Cyber security is not cheap. It is certainly going to require more budget allocation than ever, for the reasons above. Since the global economy is facing challenges, it will be a tough task to get money allocated for cyber security. So, how do you prepare for it? I would recommend breaking down your cyber security activities as follows and optimizing the money you have:
Final thoughts: Be vigilant, don't let your guard down and prepare for the worst.