Resilience in the era of cyber attacks
When most of us think about national security, thought immediately goes to more conventional threats in the form of physical attacks on territory. Few consider the ‘behind the screens’ cyber power battles that can take down entire networks that governments, organisations and citizens rely on for protection and survival.
By Roger Sels, VP Solutions at BlackBerry
We are living in a digital world whose threat landscape is evolving rapidly. As society becomes more digitally enabled and dependent, our leaders can no longer turn a blind eye to the cyber conflicts that threaten our national security and the lives of our citizens on an almost daily basis.
The SolarWinds supply-chain compromise, which reached multiple United States federal agencies through a trojanised software update, served as a wake-up call to the world’s governments. It’s now clear that having a highly trained, prepared and well-funded defensive cybersecurity operation in place is an essential component of any national security strategy and is integral to a country’s resilience. Indeed, Boris Johnson has recently committed billions to cyber defence in the UK.
The Integrated Review of Security, Defence, Development and Foreign Policy includes a full-spectrum approach to the UK’s cybersecurity capabilities, designed to improve defences and deter potential attackers. However, putting a strategy like this into practice is no mean feat. To strengthen cybersecurity capacity, governments must be able to draw on expertise, technologies and resources by forging stronger public-private partnerships and joint ventures with cybersecurity specialists and organisations that can support a prevention-first approach.
The current state of play
Today’s threat landscape boasts a multitude of threat actors, ranging from organised cybercrime to adversarial nation-states, all with different motives. To stand a chance of keeping up with the evolving cyber threat landscape and the most sophisticated threat actors, governments and organisations need to adopt emerging best practices, including learning how to execute a prevention-first strategy with advanced detection and response capabilities.
The Crimeware-as-a-Service model is sweeping the cyber world. Professional criminals are now developing advanced tools, “kits”, and other packaged services which are then offered for sale or rent to other, less experienced criminals. This is creating a wide range of capabilities and operational outcomes that are becoming increasingly difficult to track.
For instance, in May 2021 a large distributed denial of service (DDoS) attack took down the websites of more than 200 organisations across Belgium, including government departments, parliament, universities and research institutes. A DDoS attack is designed purely to disrupt: it takes websites and services offline by overwhelming them with more traffic, or more requests, than they can handle. Disruptive attacks of this scale can also serve as a smokescreen, a distraction that absorbs a security team’s attention while a separate intrusion is carried out.
Such attacks are usually launched over standard protocols, for example UDP services such as DNS and NTP abused as reflectors, with the source address spoofed so that the flood arrives from thousands of legitimate third-party servers rather than from the attacker. That makes blocking at the victim very difficult without also blocking genuine users. Once an attack has exposed a target’s lack of capacity to absorb it, there is little to stop the adversary from restarting the attack the very next day.
Using DDoS to cover up deeper compromises and data exfiltration is a known methodology of a large nation-state adversary responsible for multiple international hacking campaigns. It is just one example of the techniques that criminal networks and nation states now have readily at their disposal, a worrying sign pointing to the magnitude of the current cyber state of play.
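The claim in the paragraphs above, that a volumetric attack arrives over ordinary protocols from many sources and is hard to block at the victim, is easier to see in data. The following is an added example, not code from the article or from BlackBerry: a small Python detector run over constructed NetFlow-style records. It flags a destination only when inbound volume in a time window exceeds a threshold and the traffic comes from many distinct sources, then reports how much of it came from well-known UDP reflector ports. The record format, the reflector port list and the thresholds are assumptions for illustration.

```python
"""Flag distributed volumetric / reflection DDoS traffic in flow records.

Added example, not from the original article. The record format, reflector
ports and thresholds are assumptions; adapt them to your own collector.
"""
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors. The victim sees the *source*
# port of the reflected responses, so this is matched against src_port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    ts: int          # seconds since epoch (constructed values below)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "udp" or "tcp"
    nbytes: int
    packets: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed record: ts,src,sport,dst,dport,proto,bytes,pkts."""
    ts, src, sport, dst, dport, proto, nbytes, pkts = line.strip().split(",")
    return Flow(int(ts), src, int(sport), dst, int(dport), proto, int(nbytes), int(pkts))


def detect_ddos(flows, window_s=10, mbps_threshold=500, min_sources=20):
    """Return {dst_ip: report} for destinations whose inbound volume in any
    window exceeds mbps_threshold AND comes from at least min_sources distinct
    addresses. The source count separates a distributed attack from a single
    noisy client; the reflection share shows how much arrived via amplifiers."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.dst_ip, f.ts // window_s)].append(f)
    reports = {}
    for (dst, win), fs in buckets.items():
        total_bytes = sum(f.nbytes for f in fs)
        mbps = total_bytes * 8 / window_s / 1e6
        if mbps < mbps_threshold:
            continue
        sources = {f.src_ip for f in fs}
        if len(sources) < min_sources:
            continue
        by_service = defaultdict(int)
        for f in fs:
            if f.proto == "udp" and f.src_port in REFLECTOR_PORTS:
                by_service[REFLECTOR_PORTS[f.src_port]] += f.nbytes
        reports[dst] = {
            "window_start": win * window_s,
            "mbps": round(mbps, 1),
            "sources": len(sources),
            "reflection_share": round(sum(by_service.values()) / total_bytes, 2),
            "services": dict(by_service),
        }
    return reports


def sample_flows():
    """Constructed records: 40 DNS/NTP reflectors answering a spoofed request
    at the victim within one 10 s window, some normal HTTPS traffic, and one
    single-source bulk transfer that is high volume but not distributed."""
    lines = []
    for i in range(40):
        sport = 53 if i % 2 == 0 else 123
        lines.append(f"1620000000,198.51.100.{i},{sport},203.0.113.10,{40000 + i},udp,20000000,15000")
    for i in range(5):
        lines.append(f"1620000003,192.0.2.{i},50000,203.0.113.20,443,tcp,400000,300")
    lines.append("1620000005,192.0.2.99,5000,203.0.113.30,443,tcp,900000000,600000")
    return [parse_flow(ln) for ln in lines]


if __name__ == "__main__":
    for dst, report in detect_ddos(sample_flows()).items():
        print(dst, report)
```

With the constructed data only 203.0.113.10 is reported: 800 MB in 10 s (640 Mbps) from 40 distinct reflectors, all of it from DNS and NTP source ports. The 900 MB transfer to 203.0.113.30 exceeds the volume threshold but comes from one address, so it is left alone, which is the distinction a responder needs before asking an upstream provider to scrub traffic.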
Cyber resilience today
Resilience is a national security topic, the gravity of which has only recently started to be recognised by governments. They cannot afford to sit back and put their networks, services and citizens at risk. However, the scale and speed at which the threat actors are developing means that, to defeat them, a collaborative approach is key. It can’t be a case of starting from scratch when it comes to security technology. Instead, finding trusted partners and secure technology that can serve as allies while defending national infrastructure will place countries in good stead for the future.
Alongside outsourcing, there is also an immediate requirement for education. The nature of ‘behind the screens’ cyber battles is that, unlike physical security threats, the vast majority of the time the general public remains unaware of their scale and severe impact on the networks that keep the country running. At present, people don’t understand what is being defended, or the sheer scale and potentially catastrophic impact these cyberattacks can have on society. While they do not need to know the ins and outs of the cyber threat landscape, an understanding of the immediacy and importance of an effective national cyber strategy is important.
Technology as an ally
The message of the UK’s Integrated Review is clear – effective use of data, trusted security partners, and a regulatory standard will be pivotal to a comprehensive cyber strategy that can sufficiently detect, disrupt, and deter adversaries.
Providing security teams with the tools and technology to perform in-depth compromise assessments and setting up systems with 24/7 continuous threat hunting should be high on the agenda of any CISO. Tools centred on endpoint detection and response (EDR) act only once malicious code is already running on a host; detecting a breach after the fact is not the same as preventing it. Prevention should be the strategy.
A prevention-first security posture begins with neutralising malicious threats before the exploitation stage of the kill chain is reached. By stopping attacks at or before exploitation, before a foothold is established, specialist cybersecurity solutions help organisations increase their resilience, reduce infrastructure complexity and streamline security management.
The advanced nature of these systems and level of expertise required for threat detection means governments and organisations must be willing to invest in public-private partnerships and joint ventures if they hope to succeed with a prevention-first approach to cybersecurity.