Skip to main content

Taking a byte out of cyber threats

Cyber attacks may be a relatively new phenomenon, but in a short time frame have come to be assessed as dangerous as terrorism. The world was possibly made aware of the danger and threat posed by cyber weapons with the advent of the Stuxnet Worm in 2010, which resulted in large-scale damage to Iran’s centrifuge capabilities. Two years later, in 2012, a bank of computers belonging to the Saudi 

 

Aramco Oil Company were targeted, reportedly by Iranian operatives, employing malware that wiped out data on 30,000 computers. A few weeks later, Iran was again believed to have been behind a targeted attack on the Qatari natural gas company, RasGas. The string of instances appear to have provoked then United States Defence Secretary, Leon Panetta, to utter the warning that the world had to prepare for a kind of ‘cyber Pearl Harbour’, highlighting a new era of potential vulnerabilities.

Static response

In the decade that followed, and while preparing for a ‘potential Pearl Harbour’ type of strike, including seeking ways and means to retaliate in the eventuality of such attacks, the West seemed to lose its way on how to deal with the emerging cyber threat. Each succeeding year, despite an increase in cyber threats, witnessed no change in the method of response. The years 2020 and 2021 have proved to be extremely difficult from the perspective of cyber attacks but no changes in methodology have been seen. In 2021, cyber attacks that attracted the maximum attention were SolarWinds and Colonial Pipeline in the U.S., but these were merely the tip of a much bigger iceberg among the string of attacks that plagued the world. Estimates of the cost to the world in 2021 from cyber attacks are still being computed, but if the cost of cyber crimes in 2020 (believed to be more than $1 trillion) is any guide, it is likely to range between $3trillion-$4 trillion. What is not disputed any longer is that soon, if not already, cyber crime damage costs would become more profitable than the global trade of all major illegal drugs combined.

Sectors that are vulnerable

As 2022 begins, the general consensus is that the cyber threat is likely to be among, if not the biggest, concern for both companies and governments across the globe. In the Information age, data is gold. Credential threats and the threat of data breaches, phishing, and ransomware attacks, apart from major IT outages, are expected to be among the main concerns. Results are also likely to far eclipse the damage stemming from the COVID-19 pandemic or any natural disasters. A little publicised fact is that the vast majority of cyber attacks are directed at small and medium sized businesses, and it is likely that this trend will grow.

According to experts, among the most targeted sectors in the coming period are likely to be: health care, education and research, communications and governments. Health-care ransomware has been little publicised, but the reality is that ransomware attacks have led to longer stays in hospitals, apart from delays in procedures and tests, resulting in an increase in patient mortality.

Far more than merely apportioning costs linked to cyber crime is the reality that no organisation can possibly claim to be completely immune from cyber attacks. While preventive and reactive cyber security strategies are needed — and are essential to mitigate cyber risks — they are proving to be highly illusive in an increasingly hyper-connected world. Comprehending the consequences of this reality could be devastating.

For instance, despite all talk about managing and protecting data, the reality is that ransomware is increasing in intensity and is tending to become a near destructive threat, because there are many available soft targets. Statistics in this regard are also telling, viz., that new attacks are taking place every 10 seconds. Apart from loss of data, what is also becoming evident is that ransomware criminals are becoming more sophisticated, and are using ransomware to cripple large enterprises and even governments. Talk of the emergence of ‘Ransomware as a Service’ (RaaS) — a business model for ransomware developers — is no mere idle threat.

The huge security impact of working from home, dictated largely by the prevailing novel coronavirus pandemic, must again not be underestimated as it is likely to further accelerate the pace of cyber attacks. A conservative estimate is that a rash of attacks is almost certain to occur on home computers and networks. Additionally, according to experts, a tendency seen more recently to put everything on the Cloud could backfire, causing many security holes, challenges, misconfigurations and outages. Furthermore, even as Identity and Multifactor Authentication (MFA) take centre stage, the gloomy prognostication of experts is that Advanced Persistent Threats (APT) attacks are set to increase, with criminal networks working overtime and the Dark web allowing criminals to access even sensitive corporate networks.

Scant clarity

Unfortunately, and despite the plethora of such evidence, cyber security experts appear to be floundering in finding proper solutions to the ever widening cyber threat. There is a great deal of talk among cyber security experts about emerging cyber security technologies and protocols intended to protect systems, networks and devices, but little clarity whether what is available can ensure protection from all-encompassing cyber attacks. Technology geeks, meanwhile, are having a field day, insisting on every enterprise incorporating SASE — Secure Access Service Edge — to reduce the risk of cyber attacks. Additional solutions are being proposed such as CASB — Cloud Access Security Broker — and SWG — Secure Web Gateway — aimed at limiting the risks to users from web-based threats. Constant references to the Zero Trust Model and Micro Segmentation as a means to limit cyber attacks, can again be self-limiting. Zero Trust does put the onus on strict identity verification ‘allowing only authorized and authenticated users to access data applications’, but it is not certain how successful this and other applications will prove to be in the face of the current wave of cyber attacks. What is most needed is absent, viz., that cyber security experts should aim at being two steps ahead of cyber criminals. This is not evident as of now.

Unique challenges

Missing from the canvas is that cyber technology presents certain unique challenges which need particularised answers. Instead of attempting to devise standard methodologies, and arrive at certain international norms that govern its use, a decade of misplaced effort by the West in preparing for a ‘potential Pearl Harbour type of strike’ has enabled cyber criminals to gain the upper hand. While the West focused on ‘militarization’ of the cyber threat, and how best it could win with its superior capabilities, valuable time was lost. It led to misplaced ideas and erroneous generalisations, resulting in a decade of lost opportunity.

This situation needs to be reversed. A detailed study of the series of low- and medium-level proactive cyber attacks that have occurred during the past decade is clearly warranted. It could reinforce the belief that when it comes to deterrence in cyber space, what is required is not a piece of ‘grand strategy’: low and medium tech, low and medium risk targeted operations could be just as effective. A related aspect is to prevent individual companies from attempting their own tradeoffs — between investing in security and maximising short-term profits. What many companies and even others fail to realise is that inadequate corporate protection and defence could have huge external costs for national security, as was evident in the SolarWinds attack.

Defence and backup plans

Nations and institutions, instead of waiting for the ‘Big Bang cyber attack’, should actively prepare for a rash of cyber attacks — essentially ransomware — mainly directed at available data. The emphasis should be on prioritising the defence of data above everything else. Consequently, law enforcement agencies would need to play a vital role in providing effective defence against cyber attacks.

On the strategic plane, understanding the nature of cyber space is important. While solving the technical side is ‘one part of the solution, networks and data structures need at the same time to prioritise resilience through decentralised and dense networks, hybrid cloud structures, redundant applications and backup processes’. This implies ‘planning and training for network failures so that individuals could adapt and continue to provide service even in the midst of an offensive cyber campaign’.

The short answer is to prioritise building trust in systems — whether it is an electrical grid, banks or the like, and creating backup plans including ‘strategic decisions about what should be online or digital and what needs to stay analog or physical, and building capacity within networks to survive’ even if one node is attacked. Failure to build resilience — at both the ‘technical and human level — will mean that the cycle of cyber attacks and the distrust they give rise to will continue to threaten the foundations of democratic society’. Preventing an erosion of trust is critical in this day and age.

 

Comments

Post a Comment

Popular posts from this blog

A GLIMPSE OF ONE OF THE FIRST LOVE.......

True spirit amongst aspirants TUMHE DEKHA TO LAGA KI...  ABHI ABHI MERA JANM HUA HAI, TERE AANE KI AAHAT, MERE DIL KI YE GHABRAHAT..., ROSHANI KA TUMHARE SATH AKAAR, KYA YE HAI MERE MAN KI PUKAR..., TU MUSKURAI MAI STABDH RAH GAYA, HAN MAIN BHI MUSKURAYA...... AUR  MUJHE PYAR HO GAYA.... MAIN YE SONCHATA HE RAH GAYA... ISWAR AAJ SURYODAY KE ANTIM PAHAL ME, RASTA KYUN BHOOL GAYA..... IN ENGLISH WHEN I SAW YOU I FELT THAT I WAS BORN JUST NOW, THE FEAR OF YOUR ARRIVAL, THE FEAR OF MY HEART, THE LIGHT WITH YOU, IS THIS THE CALL OF MY HEART...., YOU REMAINED STILL IN  SMILE, YES I ALSO SMILED IN LOVE  I HAVE BEEN THINKING THAT WHY DID GOD FORGET THIS WAY  IN THE LAST MOMENT OF SUN.....
3 comments
Read more

VAGUENESS IN FEDERALISM......

 Chhattisgarh Chief Minister Bhupesh Baghel and Rajasthan Chief Minister Ashok Gehlot on Friday wrote to Prime Minister Narendra Modi opposing the proposed amendments to the Indian Administrative Service (Cadre) Rules 1954. The proposed amendments will give overriding powers to the Union government to post All India Services (AIS) officers such as the IAS, the Indian Police Service and the Indian Forest Service (IFoS) to Central Ministries and departments without the State government’s nod. Mr. Baghel and Mr. Gehlot are second in line after West Bengal Chief Minister Mamata Banerjee to convey their opposition against the proposed amendments to Mr. Modi. Sense of ‘instability’ Mr. Baghel said the amendments could be misused and “a sense of instability and ambiguity is likely to arise among the officers of the All India Services, who are posted at various important posts in various districts and also at the State level.” He said the proposed amendment granted the Centra...
Post a Comment
Read more

ACTUAL FEELING OF SOLVING REAL.......

to prepare you to face Aasma hai behad khoobsoorat, Rangaeen roshni aa rahi hai falak pe..... Sampoorn dharatal hai bheega,  Jeevan ke pahar mein Ambar bhi mahak raha, Vasudha ke upvan mein Chintan mein hai dhara, Aas lagaye sunya se, Milogi mujhe ya rah jaogi chitiz mein...... IN ENGLISH The sky is very beautiful, Colorful light coming on the sky.... It's complete strike, It will be wet in the mountain of life, The sky is also fragrant(garden) in the wake of vasudha (earth), The river is in the thoughts. Hope you will meet sunya(sky) or you will remain in the chitiz(at the location where sky and earth will meet)............ SKY MEANS SOMEONE ELSE EARTH MEANS MYSELF.
4 comments
Read more

TOURISM IS THE NEED OF HOUR WHY ?

BIG QUESTION There is an awareness in the government that the absence of tourist infrastructure is a major reason why India loses out to Southeast Asia.                 India has a vast basket of living and diverse cultural traditions, Traditional expressions, intangible cultural heritage comprising masterpieces which need institutional support and encouragement with a view to addressing areas critical for the survival and propagation of these forms of cultural heritage. Preserving our heritage is enshrined as a Fundamental Duty in our Constitution .   STEPS HAVE BEEN TAKEN Prime Minister Narendra Modi recently inaugurated the Kushinagar international airport.   ● The airport in eastern UP, the third international airport in the election-bound state, will mainly service the Buddhist tourism circuit. ●   The Sri Lankan Airlines flight carrying monks and dignitaries was the first to land at the airport. st Asian nations such as Indon...
Post a Comment
Read more

The Budget spells green shoots for agri-subsectors

At the time it was presented, and in the context of the Assembly elections in five States — now underway in Uttar Pradesh, Punjab, Uttarakhand, Manipur and Goa https://sites.google.com/view/insightsdev/home  the Union Budget was expected to contain measures to boost consumption expenditure. But the Government chose instead to focus more on capital expenditure. There were no major announcements on agriculture or rural development. Given the recent turmoil as a result of the farmers’ protests and the repeal of the farm laws, this was a little surprising. However, a closer look at the Budget presents a different picture. Allotments, key subsectors It is important to look at the budgetary allocations for agriculture from the perspective of agricultural growth and farmers’ income. Agriculture has registered a robust performance during the COVID-19 pandemic and has clocked decent growth rates of 4.3% and 3.6% during 2019-20 and 2020-21. Growth is projected to be about 3.9% i...
Post a Comment
Read more

GLOBAL HEALTH PROFILE VULNERABILITY.......

  THE ONGOING GLOBAL HEALTH EMERGENCY HAS PARALYSED ECONOMIES WORLDWIDE AND REVEALED THAT THE HEALTH SYSTEMS IN MOST COUNTRIES ARE UNDER-PREPARED TO COPE WITH ANY MAJOR HEALTH EMERGENCY. It has posed large-scale health challenges as millions of people (172,430,557 as on 3 June 2021) have been infected and lakhs of casualties (3,706,682 as on 3 June 2021) have occurred. The importance of public health does not need elucidation as the pandemic has revealed that inadequate attention to public health can have disastrous consequences on the masses. High-income countries such as Canada, Sweden and Germany, despite their exceptional public health systems, have had to struggle to contain the pandemic by experimenting with a number of uncertain alternatives. Understandably, the struggle for middle and low-income countries, having weak public healthcare systems, limited finances and large populations has been grim.   India too, has been grappling with the pandemic and the ...
Post a Comment
Read more

first ever scientific bird atlas......

 The Kerala Bird Atlas (KBA), the first-of-its-kind State-level bird atlas in India, has created solid baseline data about the distribution and abundance of bird species across all major habitats, giving an impetus to futuristic studies. Conducted as a citizen science-driven exercise with the participation of over 1,000 volunteers of the birdwatching community, the KBA has been prepared based on systematic surveys held twice over 60 days a year during the wet (July to September) and dry (January to March) seasons between 2015 and 2020. The KBA accounts for nearly three lakh records of 361 species, including 94 very rare species, 103 rare species, 110 common species, 44 very common species, and 10 most abundant species. “The KBA offers authentic, consistent and comparable data through random sampling from the geographical terrain split into nearly 4,000 grids. We are in the process of bringing out papers on interesting trends based on a scientific analysis of solid dat...
Post a Comment
Read more

INS L3

  so good morning everyone so welcome to the third class and uh in this class probably we'll be covering our backlogs and we'll be entering the extremist era sorry moderate era and once we are done with the moderates we'll have to rush to the extremists and then probably will have to welcome gandhi so always like will keep the class interesting and entertaining but today in order to cover the backlogs i need to cut other stuffs and focus only on the subject fine please bear with me for today and tomorrow onwards the classes will be as usual fine uh this is a request on my side and sorry for the inconvenience cost yesterday there was a like power cut for last three to four hours yesterday therefore like there was a failure of the system and uh that led to the inconvenience we regret it fine so we'll start so yesterday like let us have a slight recap of things that we studied yesterday one thing is like good morning and even today please promise fine if you want to meet g...
Post a Comment
Read more

R&D .......ANTRIX PVT ORGANIZATION UNDER ISRO

  The Antrix-Devas saga may be the most high-profile case of a technology deal gone sour in India, but little has changed in India to incentivise high-technology deals involving private and public companies and prevent similar occurrences in the future. The Supreme Court upheld a decision by the National Company Law Tribunal to disband Devas Multimedia, though this is not necessarily the end to the dispute. International courts have given verdicts favouring the private consortium seeking compensation from Antrix for cancelling a 2005 deal to lease satellite spectrum to the company to offer multimedia services. The deal was cancelled in 2011 by Antrix, a public company and marketing arm of the Indian Space Research Organisation, on grounds of “national security”. Clarity lacking Though there have been several space missions and the government has announced steps to have greater collaboration with the private sector, experts say nothing rules out the reoccurrence of a s...
Post a Comment
Read more

MY SONOROUS JOURNEY FOR BENGALURU.....

Is jahan mein hai aur na hoga Mujhsa koi bhi kushnaseeb.
Post a Comment
Read more