The world is hardly wired for cyber

Context: Cyberattacks are poised to undergo more fundamental changes, and there is a need for re-equipping defence strategies.

Changing paradigm of cyberattacks

• America under attack: A recent string of high-profile cyberattacks has exposed vulnerabilities in the critical infrastructure. Examples:
  • SolarWinds: By the end of 2020, believed to have been sponsored by Russia, involved data breaches across the U.S. government, including defence, energy and state.
  • Chinese group Hafnium: By early 2021, they exploited serious flaws in Microsoft’s software, thus gaining remote control over affected systems.
  • DarkSide: Ransomware attack by Russia/East Europe-based cybercriminals on Colonial Pipeline, compelling company to temporarily shut down operations.
  • Nobellium: Russia backed phishing attack on 3000 e-mail accounts, targeting USAID and other organisations.
• Civilian as targets: Fifth domain/dimension of warfare (cyber) is now largely being employed against civilian targets, while our defences are restricted to military domains.
  • This has heightened the of Zero-day software the capability to cripple a system and could lie undetected for a long time.
  • The most celebrated Zero­ day software of this kind to date is Stuxnet, which almost crippled Iran’s uranium enrichment programme.
  • Ransomware attacks have skyrocketed. India is particularly vulnerable as it has large number of mid-sized companies, which face a catastrophic situation if attacked.
  • Major methodologies: Ransomware and phishing, including spear phishing.
  • Expanding vulnerable sectors: Banking and financial services were most prone to ransomware attacks till date, but oil, electricity grids, and health care, have begun to figure prominently.
• Zeroing in on healthcare: Compromised ‘health information is proving to be a vital commodity for use by cybercriminals.
• Changing nature of cybercriminals:
  • Today’s cybercriminals, especially those specialising in ransomware and similar attacks, are different from the ordinary run­of­the­mill criminals.
  • Many are known to practise ‘reverse engineering’ and employ ‘penetration testers’ to probe high secure networks.
  • Motivation for cyberattacks vary: For (some) nation-states, the motivation is geopolitical transformation; for cybercriminals, it is increased profits; for terror groups, the motivation remains much the same, but the risk factor may be lower.
  • Rise in ‘insider threats’: Due to discontent with the management or for personal reasons.
• Data boom and associated threats: We create more than three quintillion bytes of data everyday (some put it at over 2.5 quintillions) with several billion devices interconnected to billions of end point devices.

Way forward: Towards secure data protection regime

• Utilise and expand ‘Zero Trust Based Environment’ tools: These are software defined solutions for agile perimeter security, secure gateways, cloud access security, privileged access management, threat intelligence platforms, static and dynamic data masking, etc.
• Preparation remains the key: Leverage opportunity that come along new technologies such as artificial intelligence, Machine learning and quantum computing.
  • Pressure needs to be put on officials in the public domain, as also company boards, to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.
• Ensuring data protection: The data life cycle can broadly be classified into data at rest (when it is being created and stored), data in motion (when it is being transmitted across insecure and uncontrolled networks), and data in use (when it is being consumed).