Amidst the perpetual and turbulent innovation and adoption of tech-oriented ecosystems by the world, the looming threats are overshadowing them at a much faster and smatter pace. It is not a topic of discussion anymore how much tech-dependent the whole world has become, however, it certainly begs other branches for discourse; cyber threats, hacking, ransom wares, etc.
From a smartphone in your hand to the satellite from which you are reaching your destination with the help of digital navigation, the sky is the limit for cyber-attacks, so much so that nations are developing state-of-the-art infrastructures to tackle them instantaneously.
Cyber-attacks have become a new strategy for warfare. We have already seen in Mr. Robot how stealing crucial data and information can drag someone to knees, be it an individual or even a country as well. Hackers are developing new methods and techniques every day to pass through the encryptions and security infrastructures. On the corporate level as well, concerns about cyber-attacks have been elicited. Stories about large organizations being targeted by ransomware, malware, and other cybercrime reach the news almost daily. If companies want to more efficiently limit the risks of cyber-attacks, they should invest smarter rather than more. Many organizations currently still mainly select their investments based on past information, but choosing a flexible approach based on system dynamics would provide ample space for improvement.
These attacks lead to significant expenses, but also to leaked private data and, in extreme cases, even to highly classified information being exposed. It is a world in which the attackers and their approach continuously evolve and innovate. However, while companies grow or shrink and continuously deal with new situations, their security policies only get limited adjustments.
To learn more about how cyber attacks have shaped modern warfare and how countries are adapting their strategies, I spoke with Aladdin Elston, Head of Information Security, Altimetrik.
Cyber security has become a matter of national security for almost every country and with the ongoing situation, the need to strengthen the cyber security of nations has become an alarming concern. I wanted to know how much relevance does Aladdin find in the statement, to which he replies-“Cyber security is extremely relevant in today’s times. Every country has a national interest to secure its state and critical infrastructures. These concerns are growing in the current geopolitical landscape, nation-states are now attacking critical infrastructure, distributing propaganda and misinformation online to increase the effectiveness of their real-world campaigns. In addition to this many of our nations are interconnected in partnerships, if of crucial importance to ensure we protect and strengthen those connections now.”
My Next question was obviously would be about the various ways and levels of cyber threats that can compromise a nation’s cyber security, on its national security spectrum. Aladdin elaborated this very insightfully. He said, “The number of cyber threats is vast and rapidly increasing, I like to think of them in terms of what is critical to a nation’s security, whether it be public or private. These are complex while being more interconnected than ever. Over the last few years, we have witnessed attacks on government power-producing SCADA networks such as Stuxnet while the banking industry regularly faces banking malware such as ZueS and not to forget the litany of ransomware attacks on finance and medical services where hackers seek to capture and steal private data. National and regional services like telephony, chemical, energy power plants, railways, and bridges also face growing numbers of exploratory and malicious attacks.
Sectors such as emergency and communication networks have been facing attacks where hackers try to completely disrupt the service. More recently during the pandemic, the worldwide supply chain network was the most important and critical service transporting essentials and medical aid to people, and we all witnessed how workforce and backlogs affected distribution worldwide, attacks on a distribution network could have wide felt ramifications. Disruptions to any one aspect of these services would have a drastic effect on the security of a nation. We live in an age with complex connectivity to the internet and nations and allies around the world, as such individual nations are responsible for not only their security but also for partners states across the globe.”
With threats of almost every type on the rise, especially in Defense and military sector, where information is extremely crucial and sacrosanct, My next question was about the strategies and resilience systems are in place to respond almost instantaneously to those threats that can be and should be incorporated, according to you? To which Aladdin answered, “As a start, exploring national security programs for support and information and performing overall cyber hygiene, as they say, prevention is better than cure.
Prioritizing identification of your critical infrastructure, gathering insights, and having complete awareness of your assets is critical to securing your environment. Leveraging trusted partnerships with teams of experienced security professionals and developing a plan for preparedness whether it be your national emergency communication and incident response or coordination with key stakeholders and technical advisors is a critical action plan. The next steps would be to perform tests and response activities from time to time ensuring the smooth functioning of the solutions put in place. Developing a core services and capabilities pool with internal and external assessment teams, establishing sector partnerships, and regularly performing cyber security fundamental training and exercises go a long way to ensure attacks are averted or in the worst-case scenario combated effectively. Encrypting private and confidential data, patch systems as required, tracking security events with logging, implementing zero-trust and segregated networks, and tracking your security incident data for education are always effective security fundamentals.”
He further added, “At Altimetrik leveraging our PTAAS, DevSecOps, and Security Maturity Transformation services, we perform regular and thorough analyses of our customer’s environments which are followed up by transformation, education, and support system exercises to remediate vulnerabilities in networks and devices.”
My last question was about PM Modi’s not so long ago made a statement, “The more we deploy our formidable IT power in the Defense Sector, the more confident we will be regarding our security.” I asked about the level of resonance he feels with the statement to which he replied in agreement and quite extensively as well. He said, “I agree security is a continuous process and currently many critical systems are connected online for remote administration and monitoring and are naturally at risk. Deploying critical infrastructure cyber security, network, cloud, IoT (Internet of Things), and application security to defend national infrastructure can start to instill a sense of confidence however regular and continuous testing ensures that you avoid the pitfall complacency. The underlying infrastructure is vulnerable to a wide range of risks stemming from both physical and cyber threats and hazards. Sophisticated teams of attackers and nation-states are focused on exploiting vulnerabilities in those systems. These same attackers are developing capabilities to disrupt the availability, destroy, or threaten the delivery of essential services that are critical to keeping a nation safe and secure. Critical infrastructures are particularly difficult to secure due to several factors. More and more of these systems are coming online every day with little focus on the security required to defend them combined with the difficulty of reducing their vulnerabilities due to knowledge and skills gaps in the industry. We are facing wide-scale high-consequence events that could harm or disrupt the economies of nations at large. With that in mind and the risk and potential consequences of these cyberattacks, all allied nations need to strengthen the security and resilience of their infrastructure. In my view, some of the industry potentials goes untapped, red tape and entry-level requirements could be keeping a ready workforce from joining the fight to defend the nation. Thankfully Altimetrik has joined the ranks of organizations tapping into those unseen resources, military veterans making the transition to civilian life, people returning to work, and juniors completing college can complete cybersecurity boot camps to bridge the knowledge gap and complete on-the-job training to become fully functional in cyber security roles.” He further added, “The key to this journey is leveraging transferable skills and training a new workforce to respond to the growing demand in the industry.”
Mayank Vashisht | Sub Editor |ELE Times