When security issues shift from phishing and trojans to things that explode in the night, they tend to get a lot of attention. Recent military action involving the United States and Iran has led many to speculate about possible cybersecurity repercussions, but experts question whether the threat landscape has actually changed.
“In the cyber world, there’s a war going on all the time,” says Elad Ben-Meir, CEO of SCADAfence. “There are attempts of nation state-backed attacks happening all the time.”
The threat landscape
“These players — Iran, China, and others — are always engaged,” says Mark Testoni, CEO of SAP NS2. He says that threat actors are always probing and poking to see which opportunities are available and which data is visible. That constant probing in the cyber realm marks a clear difference from the situation Testoni remembers from his youth.
“When we go back to when I was growing up in the Cold War era, the battlefields were pretty defined,” Testoni says, explaining, “It was sea, land, air, and then space over time. Now, the Internet is obviously one of those battlefields.”
And for many executives and experts, businesses are on the battlefield whether they’re a direct target or not. The question is not whether businesses are truly at risk from threats related to international sociopolitical affairs, but rather what sort of risks they face. What does that overall threat landscape look like to corporations?
Attacks from different directions
“Two weeks ago, I would have said probably the biggest immediate risk is by criminal organizations,” says Peter Corraro, cyber governance manager at Wärsilä. Those criminal organizations have an ultimate goal that’s straightforward — they want to extract data or behavior from the company that can be converted to money.
Nation-state sponsored attacks, on the other hand, “…are going to be more specific, not necessarily financially focused, but looking to impact the organization they’re attacking along some other line, whether that’s to cause panic or to make a statement,” Corraro says.
Making a statement can mean attacking different targets than most criminals might have in their sights. “I think it’s well-documented that Chinese actors, among the many things they are looking for, is intellectual property, [sic]” says Testoni. Other actors, he points out, could have aims that include the large-scale economic disruption that might result from DDoS attacks against financial services institutions.
Outside traditional IT targets, “Industrial infrastructure worldwide is vulnerable to cyber attack and most industrial environments are underprepared for defending themselves. This not only applies to Iran but around the world,” says Sergio Caltagirone, vice president of threat intelligence at Dragos. These industrial targets are vulnerable — and their vulnerability could have wide-ranging impacts.
“All it takes is one or two systems that aren’t protected or that haven’t been patched and the attackers will wreak whatever type of havoc they have at their disposal,” says Jason Kent, hacker in residence at Cequence Security. The havoc could also extend well beyond the shop floor.
“You need to remember that every IoT device is part of your network and may be the gateway of choice of the attacker to penetrate your network,” says Natali Tshuva, CEO of Sternum Security.
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …