Cyberwarfare has been called the “fifth domain of warfare,” joining land, sea, air, and space as an arena where battles can take place. While conventional forms of conflict aren’t going anywhere anytime soon, there’s no doubt computer code, mouses, and keyboards are joining guns, bombs, and missiles as tools of war—and preventing hacks has become an issue of national security.
Cyberwarfare is the use of digital attacks by one country to disrupt the computer systems of another with the aim of causing damage, death, or destruction. The infrastructure of government and civil society is increasingly digital, and the things people depend on in their everyday lives—banking systems, power grids, transportation networks, and telecom, to name a few—run on computer networks. Today, one hack can dismantle this digital network and cause untold amounts of chaos.
If the gravity of the situation hasn’t sunk in yet, just think about a hack that targets the government—it could put lives at risk. What if a cyber attacker broke into a drone research lab or nuclear arsenal? It’s terrifying to imagine, but it’s the reality the world is facing. In 2010, for instance, word got out about “the world’s first true cyberweapon,” known as Stuxnet. This virus, delivered through a thumb drive, was deployed against the Natanz nuclear facility in Iran. It reportedly destroyed a fifth of Iran’s nuclear centrifuges by causing them to spin out of control. The attack went undetected for months and opened the door for the era of cyberwarfare.
Understand the many facets of cyberwar
A number of attacks have followed since then:
- In 2015, hackers compromised three utility networks in Ukraine and shut off the power supply to 30 substations, leaving 230,000 people without electricity for hours just two days before Christmas. Ukraine’s president, Petro Poroshenko, said the investigation pointed to the “direct or indirect involvement of secret services of Russia, which have unleashed a cyberwar against our country.”
- The United States has also been on the receiving end of Russian cyberwarfare, as anyone who’s read the news recently knows. In 2016, US intelligence discovered Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the US presidential race. It was a multipronged attack that included the hacking of the DNC by groups associated with Russian intelligence.
- North Korea is believed to have a strong cybersecurity arsenal, which it used to hack into Sony Pictures in 2014. North Korean hackers also tried to steal $1 billion from the New York Federal Reserve, waged a ransomware attack that briefly crippled Britain’s National Health Service, and stole classified military documents from a South Korean Defense Ministry database.
- China is another big player associated with cyberwar. While most of the attacks originating from China target private sector companies, there’s evidence of state-supported hackers who use cyber attacks to gather information on institutions related to the Chinese government, including embassies, foreign ministries, and other countries’ government offices.
These examples prove that cyberwar is a multifaceted, global problem—and it’s even more concerning because the attacks are notoriously difficult to trace, thanks to the lack of international law governing cyberwarfare.
Make preventing hacks your top priority
As many of these examples make clear, cyber attacks can be waged against multiple targets, not just those in the public sector. Private sector organizations can also be targeted, with serious national implications. In fact, hackers may view private businesses as opportunities to bypass national defense systems.
But you can’t win the larger cyberwar without winning the smaller battles within individual businesses first. Preventing hacks needs to be a priority for every business—both for its own benefit and the greater good. Regardless of the scale or target of the attack, you should implement a few security best practices to protect your company against threats. The strongest security strategies operate from both the top down and the bottom up: It’s not enough to set high-level policies if the employees on the bottom rungs of the corporate hierarchy aren’t covering their tracks. That said, it’s up to you to make cybersecurity a priority by creating policies, conducting trainings, and procuring technology that keeps attacks at bay.
Muster your IT troops for battle
The first step you should take is shoring up common areas of weakness, like passwords. It may seem basic, but it’s shocking how many people reuse the same passwords on multiple sites and rarely change them. Third-party providers can also expose an organization to attack, so it’s important to make sure all vendors abide by the same set of security and password guidelines as the rest of your organization.
In an IT landscape with more endpoints than ever before, many organizations fail to adequately secure their expanding networks. While great for productivity and flexibility, mobile devices are also vulnerable to threats, like data leakage, phishing, insecure Wi-Fi access, and outdated software. You can address these risks by providing ongoing training on identifying phishing attacks or funneling mobile traffic through an enterprise VPN. In all aspects of mobile security, employee education is critical.
Print security is also essential, as printers tend to be an overlooked, yet highly vulnerable, target. The most effective methods for preventing printer hacks include procuring devices with built-in security features that can stop attacks the moment they start. Such printers provide continuous monitoring and run-time intrusion detection, and they can even self-heal from attacks. Capabilities like access controls, password protections, and an auditing system can also keep printers safe.
US Cyber Command and NSA head admiral Michael Rogers told the Senate Armed Services Committee that a worst-case scenario involves “outright destructive attacks focused on some aspects of critical infrastructure” and data manipulation on a massive scale. The threats of cyberwarfare are very real and already wreaking havoc across the globe. In this environment, you have a responsibility to secure your business’s endpoints and fight back against intruders—both to protect your business and your country.