In the latest high-profile hacking case to grab headlines this week, multiple government agencies in the United States were reportedly attacked by Russian hackers in a carefully orchestrated effort.
It is another reminder of the fraught situation for many governments and businesses seeking to protect their digital assets and data in an increasingly polarised world.
And things are not going to get easier. 5G, with its reach and speed of access, will provide yet another avenue, or threat vector, for hackers in the years ahead to mount attacks, says Gaurav Chhiber, vice president of Asia-Pacific and Japan at IronNet.
The cybersecurity firm has developed technology that promises to hunt for threats in a network. It also develops automated defences built on analysing what’s happening across industries.
Chhiber says that despite technologies such as 5G and cloud being highly politicised today, there is still room for collaboration between trusted parties, so that threats can be more quickly identified and analysed.
In this month’s Q&A, he calls for a more concerted effort for businesses and governments to ward off increasingly bold and sophisticated cyber threats.
NOTE: Responses have been edited for clarity and house style.
Q: With 5G networks mushrooming around the globe, some experts have raised fears of cyberattacks that can now come at a higher velocity. How real of a worry is that?
A: The high-speed connectivity that 5G promises and the proliferation in the number of interconnected devices will increase the threat vectors that adversaries can exploit and attack.
If unprepared for this new wave of advanced cyberattacks, enterprises may be vulnerable to threats that impact their revenue and fraud that compromise their brand reputation.
Time and resources are also required to investigate, remediate and recover from attacks. It is crucial that enterprises look ahead at the cybersecurity challenges that may come with 5G and equip themselves with forward-looking security tools and measures.
Q: As a technology, 5G itself has been highly politicised. Will we see this pattern repeat itself on any technologies to emerge in future, say, AI or cloud, for example?
A: Yes, an unfortunate parallel to the growing benefits of technology is the associated cybersecurity and political risk it brings, and AI and cloud are no different.
Cybersecurity today is no longer about protecting just the infrastructure, it is about protecting the interactions between users, applications, devices and the cloud.
Like 5G, new technologies are set to govern the future of critical infrastructure as they underpin the interactions and communication that citizens rely on.
For example, we are seeing AI applications leveraged in nations’ healthcare and banking systems, and will potentially lead self-driving networks.
We have also seen some companies have an influence in shaping global norms and standards as they enable connectivity and implement their technologies across the globe, resulting in some political impact.
Threat actors will take advantage of any opportunity that aligns with their goals, whether it is to instil fear and panic to stakeholders of the target organisation, or if they are driven to reap financial benefits or cause political distress.
All these disruptive technologies present a growing threat surface and new risks to nation-states and opportunities for exploitation.
Q: In recent years, cyberattacks have been increasingly weaponised by state actors, like traditional weapons. Is there any way this will change in the years ahead?
A: As per the latest 2020 Data Breach Investigations Report from Verizon Enterprise Solutions, 55 per cent of data breach attacks this year result from organised crime groups and close to 10 per cent of attacks were due to nation-state motives.
This trend is likely to continue as state actors use cyber warfare to replace conventional war. One example is how the elections in some countries around the world are systematically targeted by other nations.
We also continue to see the risk in critical infrastructure such as power, transport, airlines, banking, healthcare, maritime and media.
Q: In a polarised world, how can security experts come together to share threat knowledge to prevent more attacks?
A: Most companies are still dependent on their enterprise defense strategy and capability at an individual level, with minimal visibility of the larger ecosystem of networks.
The problem with siloed cyber defense is that no one organisation can guarantee that the outcome of their threat detection will be ideal as it depends on the advancement of their tools and personnel.
There needs to be a paradigm shift from the individual level to collective defense where enterprises come together to share knowledge while maintaining anonymity.
First, they have to increase visibility into the threat landscape. Focus on detecting threat behaviours in the early stages in place of using traditional signature-based threat detection tools.
By focusing on threats; tactics, techniques and procedures (TTPs), organisations have a better chance in detecting advanced threats
Second, leverage the power of collective defense. State actors and organised cybercriminal groups have enormous resources available at their disposal.
Enterprises sometimes cannot fight powerful threat actors alone, and hence collaborating with other enterprises and industries to stay ahead of evolving threats through real-time threat sharing is helpful.
This kind of operational threat behaviour sharing adds a new dimension in the ecosystem and enable the effect of crowd sourcing – companies work together, to help each other and share their learnings – in real time.
Collective defense is especially crucial today with attacks becoming bolder and more sophisticated. It ensures the protection of not just single companies, but sectors at large given that adversaries often move laterally to find weak spots and attack the larger network.