Mindmap Learning Programme (MLP)
What the editorial is about?
The years 2020 and 2021 have proved to be extremely difficult from the perspective of cyber-attacks but no changes in methodology have been seen.
- A cyberattack is any offensive manoeuvre that targets computer information systems, computer networks, infrastructures, or personal computer devices.
- Cyber-attacks may be a relatively new phenomenon, but in a short time frame have come to be assessed as dangerous as terrorism.
- Each succeeding year, despite an increase in cyber threats, witnessed no change in the method of response. The years 2020 and 2021 have proved to be extremely difficult from the perspective of cyber-attacks but no changes in methodology have been seen.
Sectors that are vulnerable
- As 2022 begins, the general consensus is that the cyber threat is likely to be among, if not the biggest, concern for both companies and governments across the globe.
- In the Information age, data is gold. Credential threats and the threat of data breaches, phishing, and ransomware attacks, apart from major IT outages, are expected to be among the main concerns.
- Results are also likely to far eclipse the damage stemming from the COVID-19 pandemic or any natural disasters. A little-publicized fact is that the vast majority of cyber-attacks are directed at small and medium-sized businesses, and it is likely that this trend will grow.
- According to experts, among the most targeted sectors in the coming period are likely to be: health care, education and research, communications and governments.
- The huge security impact of working from home, dictated largely by the prevailing novel coronavirus pandemic, must again not be underestimated as it is likely to further accelerate the pace of cyber-attacks.
- Unfortunately, and despite the plethora of evidence, cyber security experts appear to be floundering in finding proper solutions to the ever-widening cyber threat.
- There is a great deal of talk among cyber security experts about emerging cyber security technologies and protocols intended to protect systems, networks and devices, but little clarity whether what is available can ensure protection from all-encompassing cyber-attacks.
- What is most needed is absent, viz., that cyber security experts should aim at being two steps ahead of cybercriminals. This is not evident as of now.
- Cyber technology presents certain unique challenges which need particularized answers.
- Attempting to devise standard methodologies, and arrive at certain international norms that govern its use, enabled cybercriminals to gain the upper hand.
- While the West focused on the ‘militarization’ of the cyber threat, and how best it could win with its superior capabilities, valuable time was lost. It led to misplaced ideas and erroneous generalizations, resulting in a decade of lost opportunity.
A detailed study
- A detailed study of the series of low- and medium-level proactive cyber-attacks that have occurred during the past decade is clearly warranted.
- It could reinforce the belief that when it comes to deterrence in cyberspace, what is required is not a piece of ‘grand strategy’: low and medium-tech, low and medium risk-targeted operations could be just as effective.
Defence and backup plans
- Nations and institutions, instead of waiting for the ‘Big Bang cyber-attack’, should actively prepare for a rash of cyber-attacks — essentially ransomware — mainly directed at available data.
- The emphasis should be on prioritizing the defence of data above everything else. Consequently, law enforcement agencies would need to play a vital role in providing an effective defence against cyber-attacks.
- Understanding the nature of cyberspace is important. While solving the technical side is ‘one part of the solution, networks and data structures need at the same time to prioritize resilience through decentralized and dense networks, hybrid cloud structures, redundant applications and backup processes’.
- This implies ‘planning and training for network failures so that individuals could adapt and continue to provide service even in the midst of an offensive cyber campaign’.
Building trust in systems
- We need to prioritize building trust in systems — whether it is an electrical grid, banks or the like, and creating backup plans including ‘strategic decisions about what should be online or digital and what needs to stay analogue or physical, and building capacity within networks to survive’ even if one node is attacked.
- Failure to build resilience — at both the ‘technical and human level — will mean that the cycle of cyber-attacks and the distrust they give rise to will continue to threaten the foundations of a democratic society’.