Cybersecurity: The Fourth Battleground
In recent months, there has been significant momentum within the U.S. government and among lawmakers to introduce more stringent and effective cybersecurity legislation. To a great extent, this is motivated by the need to deter adversaries from attacking public sector agencies, to safeguard critical infrastructure and to require defense and intelligence agencies to better protect themselves.
For example, in August of 2021, U.S. lawmakers introduced a bipartisan bill that will require businesses to report cybersecurity incidents to the government. The underlying objective is that it will allow authorities to “mobilize to protect critical industries across the country.”
This comes on the heels of a presidential executive order in May 2021, which focused on accelerating the pace of investment and modernization required to improve the nation’s cybersecurity. Public and private sector cooperation is seen as key, with the executive order establishing a range of deadlines to enact policy.
The pressure to take steps to bolster cybersecurity has been growing. Among the many increasingly sophisticated attacks on the public sector IT infrastructure of countries around the world, the SolarWinds hack perhaps did more than any other to galvanize politicians and encourage them to take action. As reported across many news outlets, both the U.S. and UK governments blamed Russia’s Foreign Intelligence Service (the SVR) for the supply chain attack, in an exchange of rhetoric reminiscent of the Cold War.
The problems associated with ransomware alone have been unprecedented. Indeed, earlier this year, a group of over 60 organizations around the world, including Amazon, Microsoft, the FBI and the UK National Crime Agency, formed the Ransomware Task Force (RTF), calling on governments to take action. In releasing recommendations to address the problem, the task force described ransomware not only as a danger to public health but also as a national security threat.
Delivering Proactive Protection
While the moves to enact tougher laws and compliance standards represent an important step in the journey to increase levels of protection, without better technology solutions sophisticated nation-state adversaries are likely to stay one step ahead of the curve. Few would dispute that government-led enforcement is key, but there are obvious limitations on the jurisdiction of any domestically drafted laws, particularly when illegal activities are state-sponsored and, by definition, covert.
These developments also acknowledge that cybersecurity has joined land, sea and air to become the fourth theater of conflict. From a risk/reward perspective, it’s a theater of operations that offers a lot of advantages. For instance, attacks can be carried out with little or no repercussions, yet have devastating practical consequences. Attackers are not waging war or committing acts of aggression in the traditional sense and there are as yet few examples where attacks have caused human casualties. However, each incident adds to the underlying tension and suspicion that exists on the international stage.
In practice, the ability of public sector agencies to deliver improvements depends on addressing a range of priorities and risks, including those presented by infected files and documents. Malware is spread through files and documents that are created by cybercriminals and shared by the millions between individuals, teams and organizations. These files represent a major attack vector that is constantly being exploited.
Defending Against File-Based Threats
A major part of the problem is that while most organizations understand the need to defend against file-based malware and ransomware, too many still rely on a completely reactive response based on established antivirus and sandboxing technologies to protect their valuable files and everything they contain.
While this offers a degree of protection, the problem is that nearly 70% of malware found embedded within files is of an unknown variant when it is received. In effect, this malicious content is invisible to reactive cybersecurity technologies, leaving users with a major gap in protection and a potentially catastrophic security blind spot. Without more effective strategies, many organizations rely on a combination of ineffective technologies and inadequate user training to ensure that suspicious files and links aren’t opened.
As the weaponization of information technology escalates at an alarming rate, organizations must significantly improve their ability to proactively identify and defend against attacks, irrespective of their source and motivation. Failure to do so will leave more organizations at even greater risk of disruption and damage, tactically outmatched by adversaries who are relying on the weaknesses inherent in many of today’s IT networks for their success.