Defending the Digital World
How do we defend our future selves? It’s a tough question, especially when key national infrastructure and supply chains are increasingly in the private sector and evolving quickly. Many businesses simply aren’t clear what they will be defending in the future, and from whom. James Hatch, Director of Cyber Security at BAE Systems Applied Intelligence, explains the steps the digital world needs to take.
We are grappling with the fact that in as little as two or three years’ time, the world will have changed in ways that are difficult to predict today. While we may not yet know exactly where digitalisation will take us, it’s clear what’s driving change. Ever more economic activity is moving online and the Internet of Things, automation, instrumentation and increasing data abundance will continue that trend.
The challenge of an interconnected world
One of the principal virtues of digitalisation is its ability to overcome physical distance and bring people from all over the world closer together. But what does that mean for security?
Traditionally, we tend to think of security differently at a local and a global level. Locally, security means protection of our family and home from the threats in our neighbourhood. From an enterprise point of view, it means protecting business operations, buildings, staff and reputation. When these things are attacked, we expect the laws of the local jurisdiction to be enforced, typically by the police.
When it comes to threats from other countries, we assume they will be dealt with by the government on our behalf. We expect governments to maintain the intelligence capabilities to understand threats to national security and the military capabilities to deter or respond to aggression from a foreign government or state-sponsored actors.
Physical space and geography is central to the way we think about threats, and where the responsibility lies for tackling them.
Security in the digital world
In the digital world, however, physical distance becomes irrelevant. If you’re defending a business or organisation in a highly connected world, you need to be able to understand and deal with threats from all over the globe, by different actors with various motivations. Lines of responsibility also become blurred – in a world without boundaries, who makes the rules and enforces them?
With so much uncertainty, it’s unsurprising that most businesses take an ‘inside-out’ approach to cyber defence, focusing on themselves and the things they can control. However, this can leave them blind to the threats lurking beyond their immediate environment.
Cyber attackers are highly connected – information, ideas and techniques are shared quickly and adapted to target a huge number of organisations across the globe. Unlike the businesses they target, cyber criminals care little for geographies or sectors.
Three levels of attacks
Cyber attackers typically target us in three ways. To use a simple analogy, they start by looking for open windows through which they can enter undetected. It requires minimal effort and poses very little risk to the attacker.
If all the windows are locked, they have to try more sophisticated methods. They will knock on the front door and try to trick their way in. Organisations are increasingly subject to these types of targeted attacks and use active monitoring and response to address them.
As we get better at defending our windows and doors, attackers are forced to undertake more difficult and costly methods. The third option is to target the very foundations on which the house is built, by subverting the technology on which business and security depends. Because of the level of sophistication required, these attacks have so far tended to be state-based but we should expect to see the proliferation of these techniques as we have with others.
There is inconsistency in how we defend ourselves against these attacks. We still see businesses struggle to balance priorities successfully. They miss the basics because they are distracted by complicated security technology, and so leave windows and doors open. Or they lack the capacity to defend against targeted attacks because they are too busy running around closing windows.
Threat is a constant
Cyber attackers aren’t going to stop trying or adapting their techniques. In the next few years the volume of threats that businesses and organisations will have to defend themselves against will continue to rise considerably and evolve. Ransomware attacks have increased from less than ten per cent of incidents to nearly half in less than two years, but this balance will change again.
We’ve also reached a tipping point. Thanks to cloud computing, more of the information that matters most to businesses and organisations exists outside of an organisation’s four walls rather than inside it. To go back to the earlier analogy, our fixation on using technology and experts to close windows is misplaced if most of the silverware has been moved to a warehouse on the other side of town.
Responding to a changing landscape
We are making giant leaps forward in our approach to cyber defence. Our understanding of the threat landscape, the various actors and the techniques they use to target businesses and organisations has never been greater. Venture capital and competition are driving a high level of technical innovation. And good quality guidance and information-sharing forums are increasingly accessible.
But the threat landscape we face is constantly changing. It is a dynamic environment where every measure we put in place has a countermeasure. The threat to businesses, governments and society is constantly evolving as cyber attackers seek to create and exploit new vulnerabilities.
If you would like to join our community and read more articles like this then please click here.