Taking a byte out of cyber threats
Cyber attacks may be a relatively new phenomenon, but in a short time frame have come to be assessed as dangerous as terrorism.
Cyber Attacks in recent past
- Stuxnet Worm in 2010
- A bank of computers belonging to the Saudi Aramco Oil Company
- Qatari natural gas company, RasGas
- SolarWinds and Colonial Pipeline in the U.S.
Cost of cyber crimes
- Estimates of the cost to the world in 2021 from cyber attacks are still being computed, but if the cost of cyber crimes in 2020 (believed to be more than $1 trillion) is any guide, it is likely to range between $3trillion-$4 trillion.
- Cyber crime damage costs would become more profitable than the global trade of all major illegal drugs combined.
- Each succeeding year, despite an increase in cyber threats, witnessed no change in the method of response.
- Cyber threat is likely to be among, if not the biggest, concern for both companies and governments across the globe. In the Information age, data is gold.
- Credential threats and the threat of data breaches, phishing, and ransomware attacks, apart from major IT outages, are expected to be among the main concerns.
- A little publicised fact is that the vast majority of cyber attacks are directed at small and medium sized businesses, and it is likely that this trend will grow.
- According to experts, among the most targeted sectors in the coming period are likely to be: health care, education and research, communications and governments. Health-care ransomware has been little publicised, but the reality is that ransomware attacks have led to longer stays in hospitals, apart from delays in procedures and tests, resulting in an increase in patient mortality.
- For instance, despite all talk about managing and protecting data, the reality is that ransomware is increasing in intensity and is tending to become a near destructive threat, because there are many available soft targets.
- Apart from loss of data, what is also becoming evident is that ransomware criminals are becoming more sophisticated, and are using ransomware to cripple large enterprises and even governments.
- The huge security impact of working from home, dictated largely by the prevailing novel coronavirus pandemic, must again not be underestimated as it is likely to further accelerate the pace of cyber attacks.
- A tendency seen more recently to put everything on the Cloud could backfire, causing many security holes, challenges, misconfigurations and outages.
- Advanced Persistent Threats (APT) attacks are set to increase, with criminal networks working overtime and the Dark web allowing criminals to access even sensitive corporate networks.
- Instead of attempting to devise standard methodologies, and arrive at certain international norms that govern its use, a decade of misplaced effort by the West in preparing for a ‘potential Pearl Harbour type of strike’ has enabled cyber criminals to gain the upper hand.
- While the West focused on ‘militarization’ of the cyber threat, and how best it could win with its superior capabilities, valuable time was lost. It led to misplaced ideas and erroneous generalisations, resulting in a decade of lost opportunity.
- While preventive and reactive cyber security strategies are needed — and are essential to mitigate cyber risks — they are proving to be highly illusive in an increasingly hyper-connected world.
- Technology geeks, meanwhile, are having a field day, insisting on every enterprise incorporating SASE — Secure Access Service Edge — to reduce the risk of cyber attacks.
- Additional solutions are being proposed such as CASB — Cloud Access Security Broker — and SWG — Secure Web Gateway — aimed at limiting the risks to users from web-based threats.
- It could reinforce the belief that when it comes to deterrence in cyber space, what is required is not a piece of ‘grand strategy’: low and medium tech, low and medium risk targeted operations could be just as effective.
- A related aspect is to prevent individual companies from attempting their own tradeoffs — between investing in security and maximising short-term profits.
- Nations and institutions, instead of waiting for the ‘Big Bang cyber attack’, should actively prepare for a rash of cyber attacks — essentially ransomware — mainly directed at available data.
- The emphasis should be on prioritising the defence of data above everything else.
- Consequently, law enforcement agencies would need to play a vital role in providing effective defence against cyber attacks.
- On the strategic plane, understanding the nature of cyber space is important.
- While solving the technical side is ‘one part of the solution, networks and data structures need at the same time to prioritise resilience through decentralised and dense networks, hybrid cloud structures, redundant applications and backup processes’.
- The short answer is to prioritise building trust in systems — whether it is an electrical grid, banks or the like, and creating backup plans including ‘strategic decisions about what should be online or digital and what needs to stay analog or physical, and building capacity within networks to survive’ even if one node is attacked.
- Building deep technology in cyber is essential. New technologies such as artificial intelligence, Machine learning and quantum computing, also present new opportunities.
- Nations that are adequately prepared — conceptually and technologically — and have made rapid progress in artificial intelligence and quantum computing and the like will have a clear advantage over states that lag behind in these fields.
- Pressure also needs to be put on officials in the public domain, as also company boards, to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.
- Failure to build resilience — at both the ‘technical and human level — will mean that the cycle of cyber attacks and the distrust they give rise to will continue to threaten the foundations of democratic society’. Preventing an erosion of trust is critical in this day and age.
Visit Abhiyan PEDIA (One of the Most Followed / Recommended) for UPSC Revisions: Click Here
IAS Abhiyan is now on Telegram: Click on the Below link to Join our Channels to stay Updated
IAS Abhiyan Official: Click Here to Join
For UPSC Mains Value Edition (Facts, Quotes, Best Practices, Case Studies): Click Here to Join