By Goh Eng Choon, President for Cyber, ST Engineering
From sabotaging, stealing and destroying valuable enterprise data to crippling critical information infrastructure as the precursor to a conventional war, cyber-attacks are harbingers of chaos to both nations and businesses.
But the dynamics in cyber warfare are different. Classical military theory often calls for a numerical superiority ratio of 3:1 to win a battle with good probability and acceptable risks. In cyber warfare, this rule is overturned as smaller actors have an asymmetric advantage.
Small but deadly
While cyber attacks may not result in high human casualties or physical destruction, we have witnessed their devastating effects – disrupting lives and crippling everything from satellite communications to energy-generating wind turbines.
Take cyber espionage as an example. At the corporate level, companies have been caught stealing information in deliberate attempts to erode the competitive edge of their competitors. At the national level, top secret military intelligence and aviation technologies have been leaked.
In an increasingly digital world, the convergence of digital networks and systems has resulted in a global spike in cyber-attacks. In 2021 alone, governments worldwide saw an 18.9-fold increase in ransomware attacks, while healthcare institutions faced a 7.6-fold increase in similar breaches.
The asymmetric nature of such attacks means that it only takes a small team of very talented people with the know-how to cause catastrophic disruption. Given their power to wreak massive economic and social damage, cyber-attacks could well be the new weapons of mass destruction in this digital age.
The Invisible Enemy
The threat is ever present. Some cooperatives may be passive, biding their time to steal information, while others are destructive and have the capabilities to cripple the operations of countries and organisations.
Cyber warfare, unlike physical combat and gunfights, can also be hard to spot. Stealth attacks make detection a challenge as we fight without full visibility and situational awareness. A lot of times, it can be difficult to trace or understand the extensiveness of the threat or damage. By the time companies or countries intervene, it can sometimes be too late.
As more interconnected systems come under perpetual attacks, the lines between peacetime and wartime cybersecurity are increasingly blurred. With no formal declaration of war – not to mention the difficulties of identifying the adversary – it is hard for countries to determine their defence readiness condition (DEFCON) state and ascertain when a skirmish becomes a full-fledged war.
No organisation should be a sitting duck, reacting only when the damage is done. All should maintain a proactive stance to mitigate and respond to such attacks. While investing in cyber defence is increasingly a priority among big corporate entities, many small and medium-sized enterprises (SMEs) still regard cybersecurity measures as cost drivers and tend to put them on the backburner. No surprise, then, that SMEs are the top targets of cyber criminals – they are three times more likely to be attacked than their larger peers.
A United Front
Given the volatile nature of cyber threats, every individual, organisation and country is crucial to keeping the cyber ecosystem secure. Here are three key areas to look into:
First, it is important to inculcate good cyber hygiene as everyone plays a role in cybersecurity. Sharing ways to stay cyber safe helps sharpen vigilance and ensure best practices – from exercising caution in the sharing of sensitive information to using certified cybersecurity products to better protect data.
Second, an organisation-wide mindset change is needed. Leaders must not regard cybersecurity as an afterthought or implement measures merely as a response to government legislation. Instead, cybersecurity should be seen as an enabler by providing greater value to its consumers.
Third, cyber diplomacy should be fostered among countries and industries. In this highly interconnected digital world, we would collectively benefit by building closer ties and being more open to sharing information. Many attackers are already sharing information and if organisations work in silos, they will be on the losing end. It is therefore important to create a safe platform where organisations and nations can come together to share their experiences and expertise in combating cyber threats.
Arming to disarm threats
Protecting cyberspace should not just be the leaders’ job. Instead, guarding against asymmetric cyber attacks is the responsibility of everyone in an organisation.
To begin, organisations should work within a cyber-secure network. For instance, in this era of increased remote working, sensitive data in transit and at rest should always be strongly encrypted from one end to another. This way, even if it falls into the wrong hands, hackers will not be able to make sense of the data as it will take them many years to decrypt the information.
Encrypted information in transit must also be secured. Critical networks should be segregated from other networks to create additional layers of defence. Connecting to workplaces and high-security clearance sites through virtual private networks is one way to achieve this segregation. For sites which require an even higher level of security, cross-domain solutions allow for highly secured unidirectional communication and isolated networks across sites.
Defending critical infrastructures from cyber attacks takes more than just antivirus software. Having an advanced cybersecurity operations centre to monitor these systems and networks will enhance the detection and response capabilities so that threats can be blocked and eliminated in a timely manner.
Ultimately, building cybersecurity capabilities in people is paramount to levelling up an organisation’s capabilities. We need to shift our paradigm from passive defence to active defence and from reactive to predictive to be able to guard against and prevent attacks. Cyber defenders must start moving away from conventional task-based cybersecurity analysis to adopt a holistic, pre-emptive and proactive approach that is enabled by automation, cyber threat intelligence, and comprehensive threat awareness. This allows cybersecurity defenders to detect anomalies, anticipate hackers’ moves, and provide actionable insights for C-Suites and analysts to make informed decisions to combat cyber attacks. At the end of the day, we need to secure what matters and people will still be the last line of defence to ensure a safe cyber future.
About the Author
Goh Eng Choon is the President of the Cyber Business Area at ST Engineering, a global technology, defence and engineering group with a diverse portfolio of businesses across the aerospace, smart city, defence and public security segments. He is also an appointed member of the Cybersecurity Advisory Group, a panel of eminent cybersecurity experts whose expertise may be tapped for cybersecurity issues or cyber threats that confront Singapore.
Eng Choon can be reached at our company website https://www.stengg.com/