The picture of cyber threats to critical assets and infrastructure isn’t pretty. As nation-states become even more adept at wreaking havoc via cyber attacks, security specialists around the globe are working to spread warnings and awareness of the possible impacts of these threats. The potential blows sound so dire, many are left wondering about the realistic reach of a nationwide cyber attack.
Industry insiders and government security experts are quick to respond to skeptics who feel that warnings of potential nationwide cyber attacks are unfounded or overstated: “A cyber attack perpetrated by nation states or violent extremists groups could be as destructive as the terrorist attack on 9/11,” states Leon E. Panetta, former US Secretary of Defense.
The 2018 Worldwide Threat Assessment clearly states the likelihood of cyber attacks on a national level. The report highlights state-sponsored cyber attacks in 2016 and 2017 against Saudi Arabia and Urkaine. The target of the attacks included commercial networks, government systems, and critical infrastructure. In addition, broad-reaching malware and ransomware attacks have already disrupted global shipping and production lines for companies around the globe, including companies in the United States. The report goes on to say, “[The Intelligence Community] remains concerned by the increasingly damaging effects of cyber operations and the apparent acceptance by adversaries of collateral damage.”
As nation-states and transnational criminals look to cyber attacks as a fairly inexpensive and difficult-to-track method of disabling and disrupting enemy nations, the volume and complexity of these attacks is expected to increase. And, organizations large and small will likely have to cope with the impact on their own. The government and private sector in the United States still have a ways to go in terms of coordinating a cyber response plan. In an interview with NATO Review, the White House’s former director of cyber infrastructure protection explained, “When it comes to stopping cyber attacks or resolving cyber conflicts, the government has very few levers that it can use to make it better … So most of the problems are solved by the private sector, and they need more government support to help.”
In this environment, companies must have a clear picture of their overall cybersecurity posture so they are able to identify and respond to risks and vulnerabilities. Through an objective IT audit that includes a security risk gap analysis, security risk assessment, and vulnerability remediation, organizations are better armed with the defenses necessary to take on cyber attacks.