
Proactive cyberdefense, a key to national security

State-sponsored attacks have the potential to crumple entire nation-states when the right data is compromised.

Sareeka A.G. (The Jakarta Post)
Chennai, India
Tue, October 27, 2020


The way a country responds to the opportunities and risks that arise in cyberspace plays a crucial role in its growth and security. Though we all acknowledge the imminent risks cyberattacks pose, are we aware of the scale of impact such attacks can have on a country and its people?

Based on their motives and scale of attack, cyberattackers can be classified into four groups.

First, state-sponsored attackers. They are nonstate individuals or organizations who are discreetly supported by a government entity. These attackers generally operate to fulfil the political, commercial or military interests of their country of origin.

Attackers use a combination of different techniques, ranging from spear-phishing attempts backed by well-researched social engineering to sophisticated advanced persistent threat campaigns, in order to infiltrate networks and gain access to confidential information such as trade secrets, research findings and war strategies, to name a few.

Cyberespionage and insider attacks (where a trusted insider is paid for carrying out parts of the attack) are also not uncommon. State-sponsored attacks have the potential to crumple entire nation-states when the right data is compromised.

Second, hacktivists. They are individuals or groups of individuals who use cyberattacks as a way of expressing political or ideological extremism.

Numerous cyberattacks have been carried out in the past as a means of expressing resistance. Launching large-scale distributed denial of service attacks to render government servers inaccessible and loading videos and images that criticize a state's policies on government websites are some of the most common methods hacktivists employ to make their voice heard. While hacktivism appears to be just a form of electronic civil disobedience without malicious intent, taking down networks of organizations that provide essential services such as hospitals can have devastating impact on citizens’ lives.

Third, organized criminal networks. They are groups of malicious individuals who form centralized enterprises to carry out illegal activities for profit. Some of these criminal organizations have a political agenda and carry out attacks to induce terror.

Supervisory control and data acquisition (SCADA) system communication networks form the backbone of industries such as electricity distribution, aviation, manufacturing, waste and water control, oil and gas transportation, and others that are crucial components of a modern economy.

The SCADA systems are employed to manage physical processes and sensitive functions. Attackers can compromise the communication networks either by gaining direct physical access to the plants or by establishing remote access. Once the attackers have control over the SCADA systems, they can manipulate crucial controls and cause physical harm or gather intelligence to use in an actual terror strike that creates a devastating impact.

Fourth, low-level individual criminals. They are hackers who compromise individual devices or organizational networks for monetary or personal gains. They usually launch small-scale attacks and do not have any hidden agenda.

This type of attacker might seem to be an implausible threat when you think of national security. But let's not forget that national security doesn’t just involve protecting the borders, it also includes securing a nation from within. 

Amid the COVID-19 pandemic, governments across the world are employing technology to contain and cure the disease. Imagine this scenario: You receive an SMS allegedly from the Health Ministry, advising you to download a mobile application that will warn you when a COVID-19 affected person is in your vicinity. Sounds like a wonderful way to keep yourself from getting infected, doesn’t it?

The problem is, the SMS could actually be a phishing message, and the app could be malicious and gather information from your mobile device. This information may then be relayed to attackers who can demand a ransom, take control of your device, and commit identity fraud and other crimes.

Such an attack on a small scale might appear insignificant, but when thousands of unaware individuals fall prey and their identities are misused, it can lead to a massive security crisis.

Government and private organizations that house sensitive information must protect their premises from physical attacks by carefully scrutinizing visitors and permitting entry only to authorized individuals. A combination of identifiers such as pass codes, ID cards and biometrics should be employed. Around-the-clock surveillance, as well as proper maintenance and physical isolation of sensitive servers and devices, is essential to prevent attackers from gaining manual access to the facilities and tampering with them.

Conducting risk assessment is one of the first steps towards creating a secure IT environment. List all the data assets, identify associated vulnerabilities and the likelihood of being compromised, and estimate the magnitude of impact. Using this information, classify each data asset as a high-, medium-, or low-risk entity and apply appropriate protection controls.

Once assets have been classified, scout the network for vulnerabilities and fix them. Continuously tracking all security information and events is essential to monitor the health of an organization's IT network. Virtual private networks (VPNs) and multi-factor authentication (MFA) techniques can be used to secure connections over unreliable networks and to prevent credential misuse, respectively.

While perimeter defense mechanisms such as firewalls and proxy servers can help prevent intruders, tackling insider attacks requires a different strategy. Insiders already possess the permissions required to access critical assets that they want to compromise.

An adversarial nation-state could compromise an insider's credentials or incentivize a trusted employee to work for it. With the help of machine learning and artificial intelligence technologies, baseline behavior can be established for all the user accounts and entities in a network. By comparing the current activities of a user or entity with that baseline, suspicious activities can be detected and IT admins can be alerted.

Advanced security information and event management tools can be customized to perform automated threat response functions such as suspending malicious accounts or temporarily denying permission to perform certain activities. In case of an attack, this enables IT administrators to limit damage, protect surviving assets, and help in business continuity.

Modern cybersecurity tools have the capability to correlate vast event logs, deduce imminent cyberattacks, and warn security experts. These tools also generate extensive reports that aid in forensic analysis of a cyberattack.
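The three preceding paragraphs describe, in outline, what a user and entity behavior analytics (UEBA) pipeline does: learn a per-account baseline, score new events against it, alert on deviations and trigger an automated response such as suspending an account. The following is an added, self-contained illustration of that pipeline written for this article; it is not code from the article or from ManageEngine, and the log format (`<ISO timestamp> user=… src=… action=… bytes=…`), the sample log lines, the scoring weights and the alert/suspend thresholds are all constructed assumptions chosen to keep the example readable.

```python
"""Toy UEBA-style baselining and anomaly scoring over constructed auth/transfer logs.

Assumed (not from the article): a flat log format
    <ISO timestamp> user=<name> src=<host> action=<login|download> bytes=<n>
plus the weights and thresholds defined below. Real tools learn far richer
features; the structure (baseline -> score -> triage -> respond) is the point.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from statistics import mean, pstdev

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"action=(?P<action>\S+) bytes=(?P<bytes>\d+)$"
)

# Scoring weights and triage thresholds (assumed values for this example).
OFF_HOURS_WEIGHT, NEW_SOURCE_WEIGHT, VOLUME_SPIKE_WEIGHT = 2, 3, 3
ALERT_AT, SUSPEND_AT = 3, 6


@dataclass
class Event:
    ts: datetime
    user: str
    src: str
    action: str
    nbytes: int


@dataclass
class Baseline:
    hours: set = field(default_factory=set)    # hours of day the account is normally active
    hosts: set = field(default_factory=set)    # source hosts the account normally uses
    volumes: list = field(default_factory=list)  # bytes per download, for a volume profile


def parse_line(line):
    """Parse one log line into an Event; reject lines that do not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return Event(datetime.fromisoformat(m["ts"]), m["user"], m["src"],
                 m["action"], int(m["bytes"]))


def build_baselines(lines):
    """Learn a Baseline per user from a window of activity assumed to be normal."""
    baselines = defaultdict(Baseline)
    for ev in map(parse_line, lines):
        b = baselines[ev.user]
        b.hours.add(ev.ts.hour)
        b.hosts.add(ev.src)
        if ev.action == "download":
            b.volumes.append(ev.nbytes)
    return dict(baselines)


def score_event(ev, b):
    """Compare one event with the user's baseline; return (score, list of reasons)."""
    reasons = []
    if ev.ts.hour not in b.hours:
        reasons.append(("off-hours", OFF_HOURS_WEIGHT))
    if ev.src not in b.hosts:
        reasons.append(("new-source", NEW_SOURCE_WEIGHT))
    if ev.action == "download" and b.volumes:
        mu, sd = mean(b.volumes), pstdev(b.volumes)
        # Both a statistical and a plain multiplicative test, so a very tight
        # baseline (tiny sd) does not fire on a trivially larger download.
        if ev.nbytes > mu + 3 * sd and ev.nbytes > 2 * mu:
            reasons.append(("volume-spike", VOLUME_SPIKE_WEIGHT))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(score):
    """Map a score to the automated response tier, or None for benign."""
    if score >= SUSPEND_AT:
        return "suspend"
    if score >= ALERT_AT:
        return "alert"
    return None


def evaluate(lines, baselines):
    """Score new log lines against the baselines; return only the findings that need action."""
    findings = []
    for ev in map(parse_line, lines):
        b = baselines.get(ev.user)
        if b is None:  # never seen before: nothing to compare with, so always raise an alert
            score, reasons = ALERT_AT, ["no-baseline"]
        else:
            score, reasons = score_event(ev, b)
        action = triage(score)
        if action:
            findings.append({"ts": ev.ts.isoformat(), "user": ev.user,
                             "score": score, "reasons": reasons, "action": action})
    return findings


def accounts_to_suspend(findings):
    """The automated-response step: which accounts the SIEM would suspend."""
    return {f["user"] for f in findings if f["action"] == "suspend"}


def _constructed_logs(days):
    """Constructed sample data: two weeks of routine activity for two users."""
    lines = []
    for day in range(1, days + 1):
        d = f"2020-10-{day:02d}"
        lines.append(f"{d}T09:05:00 user=alice src=ws-alice action=login bytes=0")
        lines.append(f"{d}T10:30:00 user=alice src=ws-alice action=download bytes={5_000_000 + day * 1000}")
        lines.append(f"{d}T08:45:00 user=bob src=ws-bob action=login bytes=0")
        lines.append(f"{d}T14:00:00 user=bob src=ws-bob action=download bytes={2_000_000 + day * 500}")
    return lines


BASELINE_LOGS = _constructed_logs(14)
# Constructed "day 15": alice's account is used at 02:30 from an unfamiliar host to
# pull a hundred times her usual volume; bob behaves normally; an unknown account appears.
NEW_LOGS = [
    "2020-10-15T02:30:00 user=alice src=vpn-203-0-113-7 action=login bytes=0",
    "2020-10-15T02:41:00 user=alice src=vpn-203-0-113-7 action=download bytes=500000000",
    "2020-10-15T08:50:00 user=bob src=ws-bob action=login bytes=0",
    "2020-10-15T11:00:00 user=contractor7 src=ws-tmp action=login bytes=0",
]

if __name__ == "__main__":
    bl = build_baselines(BASELINE_LOGS)
    for f in evaluate(NEW_LOGS, bl):
        print(f)
    print("suspend:", accounts_to_suspend(build_baselines(BASELINE_LOGS) and evaluate(NEW_LOGS, bl)))
```

Run as a script, it prints three findings (alice's off-hours login from a new host scores 5 and is alerted; her download from the same host adds a volume spike, scores 8 and is marked for suspension; the unknown account gets a baseline-less alert) while bob's routine login produces nothing. The forensic value the article mentions comes from the `reasons` list: every automated action carries the evidence that triggered it.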

Apart from the possible ways to prevent cyberattacks from an IT security standpoint discussed above, protecting cyberspace requires the formulation and efficient deployment of strict cyberlaws and regulations. Well-defined rules that explicitly describe criminal activities and associated penalties and punishments will provide a systematic and legal approach to deal with cyberattacks and attackers.

Just like the geographic or physical boundaries, a country's cyberspace requires constant surveillance and security. As a first step to getting started, governments should acknowledge the danger that cybercrimes can pose to a society and act accordingly.

Ensuring cybersafety is a combined effort. Without active participation of individuals, cyberlaws would just be statements on paper. Coordinating a multiagency response and executing preventive and counteractive measures against cyberthreats in judicious proportions is the way ahead.

 ***

The writer is product consultant at ManageEngine.
