Cyber Warfare is On the Rise
A solid risk management program can help
Here we go again.
Microsoft recently announced a hacker group targeted a U.S. presidential campaign, in an apparent effort to influence the 2020 election.
This headline reads like deja vu.
Except this time the culprit is Iran, not Russia. And not only was a presidential campaign targeted, but so were current and former American government officials, journalists and prominent Iranians living outside Iran, Microsoft said.
In a 30-day period between August and September, a hacking group called Phosphorus made 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers. They then attacked 241 of those accounts but only compromised four. None belonged to U.S. government officials or members of presidential campaign staff, Microsoft said.
This incident is just one of many recent cyber warfare attacks, Microsoft said. To date, the company has made more than 800 notifications of attempted nation-state attacks to customers subscribed to Microsoft’s AccountGuard product, which provides monitoring and threat notifications on Office 365 accounts.
While this kind of high-stakes, ultramodern antagonism might seem only imaginable in Hollywood cinema, it’s an alarming reality the entire world faces in 2019.
Acting Director of National Intelligence Joseph Maguire said cyber warfare is the single biggest threat facing our democracy in 2019.
“We do face significant threats, I’d say No. 1 is not necessarily kinetic, it’s cyber, this is a cyber war,” Maguire said in an open hearing to the House Intelligence Committee in September. “We talk about whether or not the great competition is taking place with Russia and China, and we are building ships and weapons to do that, but in my estimation the great competition with these countries is taking place right now and is doing that in the cyber realm.”
The latest attack on Microsoft customers shows that public and private sector firms must be on alert for acts of cyber warfare.
A recent survey by Tech Pro Research found only 28% of 248 respondents said they have not been a victim of some form of security attack. Meanwhile, 86% said they were highly or moderately concerned with cyberwarfare attacks more than they were with general security risks.
So how do firms protect themselves in this new area of cyberwarfare? They start with a formidable risk management program, says TalaTek President and Founder Baan Alsinawi.
“Risk management is critical to forming the basis of a sound and strategic cybersecurity program for organizations of all sizes. It is best accomplished through an initial risk assessment where data is identified, categorized and ranked according to the perceived impact on an organization should its data be exposed, lost or stolen,” Alsinawi said.
At a minimum, organizations should take the following 7 steps to protect their data:
- Set up multi-factor authentication for users accessing your network.
- Utilize access control to manage who gets access to what data.
- Use encryption to protect data at rest and in transfer.
- Enable access to secure, encrypted backups.
- Manage your vendors and partners accessing your systems.
- Be sure to have in place disaster recovery and continuity of operations plans.
- Engage cybersecurity frameworks and other regulatory controls to manage and monitor systems.
Following these seven steps should be the minimum requirement for any firm operating online, given the sophistication and ever-growing threat of digital foes in this modern world.