Jake Olcott, VP of Government Affairs at Bitsite said that like the nuclear cold war between the US and the Soviet Union in the 1980s, countries are stockpiling cyberwarfare capabilities and using those reserves as a threat or a deterrent to their enemies. Russia, China, North Korea, and others have the capacity to launch sophisticated attacks against U.S. businesses. Using armies of “cyber soldiers,” these nation-states can easily target critical infrastructure, including utilities and financial systems -- if they so desire.
Last week the World Economic Forum published an article – “These will be the main cybersecurity trends in 2020” – warning of a new cyber cold war between Western and Eastern countries fuelled by trade wars. But there’s also another player fanning the flames: Iran.
Tensions with Iran stoke fears
Olcott said that given the intensification of hostilities between the US and Iran following the death of General Qasem Soleimani, the threat of cybersecurity ramifications against the West has heated up. This is nothing new. Iran has long been known for its adversarial use of cyberattacks targeting both national infrastructure, governments, and private enterprises. The challenge is that these attacks are becoming gradually more unpredictable and the divide between military and non-military targets is becoming increasingly blurred.
"Without any question, Iran’s asymmetric approach to warfare uses cyberattacks as “a continuum of conflict”, leaving America and its allies braced for additional “payback”. What form that will take remains unknown. However, based on previous Iranian-sponsored cyber tactics, instead of a significant “take-out” of critical infrastructure targets (which would, in effect, be a declaration of all-out war), there is a high probability that any retaliation could strike at the core technologies and internet-based systems that encompass our daily actions and drive the consumer economy, such as credit card processing platforms, airport IT systems, transportation logistics, and even retail-giants", Olcott said,
In doing so, Iran would be blowing up the old way of thinking that our adversaries need to take down entire power grids or bomb American interests to disrupt our everyday life and gain geopolitical advantage. Instead, they can simply use the threat of cyber warfare to disrupt the country’s business interests.
Businesses are ill-equipped to deal with the cyber cold war threat
Olcott warned that the threat should be enough to make organisations sit up, take notice, and begin taking control of their cyber defences -- especially since protecting their interests (and, as a result, the interests of US and European citizens) falls squarely on their own shoulders.
Since the origins of our democracy, we have looked to the government to defend us militarily. The same isn't true of cyber warfare.
"Businesses and private-held companies must square off against well-funded nation-states and proxy groups – on their own. This is also the official line from the government. In the days following Soleimani’s death, the Department of Homeland Security warned US companies to “consider and assess” the possible impacts and threat of a cyberattack on their businesses, reports TechCrunch.
Yet, many businesses are ill-prepared. Our own research shows that in the business services sector, for example, almost half of the companies are at a high risk of a cyber breach. The same is true for the retail, healthcare, finance, utilities, and technology sectors," Olcott said.
How to defend against the new reality of cyber-warfare
It may seem like an insurmountable mountain to climb, but it doesn’t have to be. Implementing the latest security solutions and ensuring these systems are up-to-date and patched is the first step. The second is for businesses to continuously monitor their own security posture – and that of their domestic and global sub-contractors, partners, and suppliers – in real-time. In doing so, they can quickly and efficiently expose potential vulnerabilities that nation-state threat actors and cybercriminals exploit to gain access and control of networks and data.
"As nation-states like Iran and others boost their cyberwarfare capabilities and exhibit more unpredictability in their military and cyber-attack strategies, businesses need to be prepared and up their defences. They must take every step to mitigate cyber risk within their organisations because even if countries don’t deploy their arsenals, the threat is real -- and corporations are quite literally alone on the battlefield", Olcott said.