The world has recently experienced a rapid acceleration of technological advancements in the field of information technology, mobile devices, communications and other smart technologies that leverage computing power, networking functions and much more. This has resulted in the acceleration of globalization throughout the world for governments, businesses and individuals. Additionally, this has resulted in the proliferation of technology that has led to less disparity between those who have access to computing technology and those who don’t. The combination of these factors brings with it the potential for both societal advancement and the introduction of new risks, threats and methods of warfare.
As the world becomes more interconnected, both the number of individuals who have access to computer-based technologies and the number of potential threats increase. This problem is compounded by the increased reliance on information technology for the proper operation of infrastructure, business, finance, and government functions. This presents a situation where the number of threats and attack vectors continues to rise, while the risk for catastrophic damage also rises in direct proportion. For example, if the industrial control systems used for managing complex energy sectors in the United States were targeted with a malicious script or experienced a malfunction, the result could be devastating. The same concept can be applied to nuclear power plants, transportation, aviation, finance and government.
This report will highlight several key statistics relating to cybersecurity incidents in the world today. Details will be provided on various threat actors and how they may use a variety of tactics and techniques to disrupt, deny and destroy key resources in ways that negatively affect national security. This will be directly tied to the recent proliferation of technology over the last two decades. Additionally, details will be provided as to how these threats and risks can be mitigated moving forward for government and the business sector.
Technology, Globalization and the Digital Divide
Over the last 20 years the world has experienced a rapid acceleration of technological capabilities and widespread adoption. These advancements include computing power, communications technology, networking functions, smart technology and mobile device technology. In addition to the acceleration of technological capabilities, computer based technologies have also become more readily available to the global population. This has allowed for the widespread adoption of computer based technologies for personal, business and government functions. The combination of technological capabilities, widespread adoption and communications technologies such as the internet has allowed for rapid globalization through connecting new markets and populations.
The Closing Digital Divide
The digital divide is simply defined as the disparity between countries and populations that have access to information systems, computer based technologies and other smart devices. The digital divide is also characterized by the knowledge, understanding and proficiency by which a population can use computer based technologies in daily life. This can include personal activities such as online banking, business activities such as digital correspondence and government activities. Studies have shown that the digital divide is quickly closing as populations all around the world are being exposed to information technology through both traditional education and readily available access to computers.
A recent study by the Pew Research Center showed that a total of 5 billion people around the world own mobile devices. The Pew Research Center first started collecting this data in 2011 and has shown more than a 30% increase in mobile device ownership over the last decade. Mobile devices in this study include cellphones, tablets, laptops, gaming systems and other smart devices. The data shows that if this trend continues nearly every person in the world will have a mobile device by the year 2030.
Data gathered from around the world related to the proliferation and adoption of information technology suggests that the world is quickly becoming interconnected through various technologies. One study showed that nearly 3 billion people around the world actively used a social media platform. Social media allows individual users to collaborate in a peer-to-peer format regardless of time, distance and location as long as they have access to a compatible device and stable internet. This newly developed capability allows for the rapid transference of new ideas within a certain population or region of the world. This can have drastic effects that lead to the progression or collapse of a society, country or region.
For example, the Arab Spring, a series of violent social uprisings that took place in several countries throughout the Middle East in 2011, was made possible through the use of social media. Social unrest began after the self-immolation of a street vendor in Tunisia named Mohammed Bouazizi due to what was perceived as oppressive government overreach. Protesters quickly spread information and rallied supporters through the use of popular social media platforms such as Facebook and Twitter. Protests quickly turned into riots and then further devolved into urban warfare. The social uprisings led to the toppling of entire governments and regime change in multiple countries. All of this was possible because individuals were able to quickly organize and communicate through the use of technology.
Had these protesters not had the ability to quickly organize and communicate through technology they would have been confined to in person means of correspondence. This would have been much easier for a government security force to shut down. Protesters would have been forced to rely on localized command and control mechanisms which would have limited the scope and magnitude of unrest. Additionally, other countries joining the endeavor would have likely never occurred because it was through social media that the initial uprising began.
Technology and Globalization
Globalization is defined as the increasing interconnectedness and subsequent exchange of goods and ideas across populations, markets and regions worldwide. Globalization is a phenomenon that has been occurring for centuries as various sectors of the world developed relationships primarily based on trade and commercial activity. Inventions such as railroads and steam engines allowed for people to travel further than ever before at faster rates which allowed for new relationships to form between distant communities. These relationships allow for a healthy exchange of goods and ideas as well as the formation of new social alliances that have been helpful for societal progress and defense related activities.
Information technology has played a key role in the acceleration of globalization, primarily through the internet. Individuals, businesses and organizations can now have a global reach through inventions such as social media. This reach can be used for constructive means such as raising awareness for a cause. Additionally, this reach can also be used for destructive means such as the recruitment of individuals into terrorist organizations. Now each and every individual and organization has a decentralized platform they can use to push their message and gain support for their cause.
Technology has also allowed for increased arbitrage opportunities for the business sector by creating access to goods and services worldwide. For example employers can now hire skilled labor for a lower cost by outsourcing job opportunities to foreign countries through the internet. Additionally, the cost of goods may be cheaper in foreign regions which allows for increased profit potential. These facts are revolutionizing the global business market as more decision makers become aware of these opportunities.
The closing of the digital divide as well as advancements in computing power, bandwidth and general IT knowledge by global citizens is rapidly advancing technological globalization. As more people gain the necessary knowledge, skills and access to properly use information technology this technological revolution will only accelerate and expand. This creates many opportunities for the advancement of society as more people will have more access to what they need. However, this acceleration also creates more opportunities for destructive activities such as cyber attacks, espionage, warfare and illicit activity.
Cyber Incidents in the Business Sector
One of the most heavily targeted aspects of our society today is the global business sector. Corporations and small businesses are under an almost constant barrage of cyber intrusions, attacks and information security threats. Cybersecurity has become a non-negotiable element of any major corporation’s operating policy as the number of threats has become too great to ignore. Additionally, corporations are now more reliant on information technology than they ever have been in the past, which makes a data breach or denial of service too costly in both monetary terms and reputation.
Cybersecurity Statistics in the Business Sector
Data from 2019 shows that the average cost of a corporate data breach was just under $4 million. With this in mind it comes as no surprise that around 10% of businesses that experience a cybersecurity breach end up closing down forever. Not only are cybersecurity breaches directly negative from a monetary standpoint but they also cause secondary effects which can damage business operations. For example, the loss of proprietary information that gave a corporation a competitive advantage would be devastating for the future success of that business.
Additionally, businesses that experience a data breach are required by law to report this information to their customers. The reputation damages incurred by a cyber attack can cause customers to move their business elsewhere. This is especially damaging if the business that was breached operates in a business-to-business capacity and the breach causes their customers to sever operational contracts in order to limit their own exposure.
Even with these metrics being public knowledge, many small business owners and corporations are still greatly unprotected from cyber intrusions. This results both from inadequate security controls due to a lack of education on the matter and from choosing to accept the inherent risk of doing business in our technological age. Reports from the Small Business Administration show that a majority of small business owners feel as though they are at risk for cyber attacks but choose to do little about it or implement inadequate security controls. This is likely due to a lack of education about the damages one could incur from a cyber attack and how to defend themselves properly.
Cyber Threat Actors
There are a number of threats that present themselves to small businesses and corporations with varying levels of sophistication. The primary purpose for cyber attacks directed at businesses is for monetary gain, however this is not always the case. The groups that primarily attack businesses include insider threats, criminal organizations, hacktivists and nation state actors. Each of these will be described below and how they may leverage their skills, access and support to damage a business.
The first group to be discussed is transnational cyber criminals and other criminal organizations that leverage cyber capabilities. The primary reason for this threat actor to launch an attack on a business is monetary gain. One of the most commonly used techniques is ransomware, which is a type of crypto malware that denies a business access to essential services or infrastructure. This attack can be executed by gaining illicit access to a company’s data and then encrypting it. The attacker will then charge the business an exorbitant fee to unlock the data. Studies have shown that in the year 2020, ransomware attacks had increased by more than 400% since the previous year. Recovering from ransomware attacks on average cost businesses more than $1 million as of 2021 reporting.
Next are insider threats, which are employees and vendors that have privileged access to company resources such as sensitive data, financial accounts and network access. Insider threats take adverse action towards their company for a variety of reasons ranging from monetary gain to relationship disputes with other coworkers or the company. Reports indicate that up to 80% of cybersecurity incidents were the result of malicious activity by insiders. Insider threats in 2021 were reported to have accounted for more than 30% of cybersecurity incidents in the United States.
The next group is hacktivists and cyber terrorists, who seek to embarrass, expose, destroy and discredit an organization for political or ideological reasons. This could be for matters relating to religion, environmentalism, humanitarian concerns or other social matters that cause serious grievance amongst the attackers. Hacktivists usually seek to deface an organization and to draw mass awareness to the issues of concern. Some of the most notable examples of hacktivism can be observed in the collective known as Anonymous, which launched countless cyber attacks against corporations and governments. These attacks often led to the defacement of websites, the exposure of corrupt individuals and the release of sensitive data. Some of these attacks led to breaches that were damaging to national security through the release of classified information.
Finally, the last group of cyber threat actors is state-sponsored or state-directed advanced persistent threat (APT) groups. Many of the APTs that threaten U.S. national security are based out of Russia, China and Iran. Much of the activity directed by these groups is centered around cyber espionage and supporting other clandestine operations such as human intelligence and information warfare campaigns. Cyber espionage is a growing trend throughout the world as APTs target corporations that develop defense-related technology such as advanced technology, aircraft and other weapons systems.
APT groups have also historically targeted service providers that contract with the U.S. government for various functions such as payroll, accounting and IT services. One of the largest attacks directed toward the United States was conducted in 2017. Chinese-sponsored APT-10 was able to successfully infect a series of Managed Service Providers (MSPs) that contracted with the U.S. Navy and the governments of several other countries. The attack consisted of using a well-crafted spear phishing campaign to gain access to the servers of the MSP.
From here the attackers installed several remote access trojans (RATs) which were used to siphon large quantities of sensitive data. This attack and others like it show that indirect attack vectors through private organizations are becoming a more popular means of access to government assets. This is a direct result of the increased reliance on computer-based infrastructure and the interconnectedness of individuals, organizations and businesses.
Emerging Threats in Cybersecurity
As technological expansion continues to accelerate globalization and the closing of the digital divide, the types of threats and attacks described above will likely become more widespread and frequent. The rate of technological adoption appears to be increasing faster than the awareness of risks that are inherently involved with its use. In addition, the use of interconnected technologies through the outsourcing of various services such as cloud resources, as well as the licensing of private and proprietary technologies across multiple countries and regions, adds undue complexity for security staff and infrastructure. This will likely result in an increased exhaustion of cybersecurity staff and resources who are unable to effectively respond to and manage the rapidly growing attack surface.
As technology becomes more widespread and sophisticated, the number of vulnerabilities will increase in direct proportion. Each mobile device, wearable technology, IoT device, multifunction printer, network access point and others will become a potential attack vector for one of the aforementioned cyber threat actors. This, combined with the increased storage and processing of sensitive data on information systems, makes data breaches far more accessible than ever before. These security concerns are amplified when considering the increased reliance that physical infrastructure such as SCADA and industrial control systems has on information technology.
Through a well-placed attack a threat actor may be able to disable an entire nation’s access to natural resources and other essential components of modern society. Attacks of this nature have already occurred, as shown by the 2021 Colonial Pipeline attack and the 2017 NotPetya attack in Ukraine. Each of these events resulted in catastrophic damage or denial of access to physical infrastructure and resources through an asymmetric cyber attack. Upon analysis it is important to remember that these were both isolated incidents that were the result of one malicious script inserted into a network. If an entire array of these cyber weapons were launched against multiple industries at once, the destruction would be unprecedented.
With this in mind it is important to begin discussing cyber weapons and cyber warfare with a similar perspective as towards weapons of mass destruction (WMDs). The difference is that with conventional WMDs the overt potential for damage is well understood by even common people. However, the destruction potential for cyber weapons, especially as we move into a more technological society, is not as well understood. It is also no longer nation states that have a monopoly on cyber weapons. Any of the threat actors described in this report could potentially develop a malicious script that could cause irreparable damage for very little cost.
Moving forward there will be a greater need for subject matter experts who can properly describe these types of threats and vulnerabilities to decision makers. There will also be a greater need for widespread awareness at every level of society both in government and in civilian sectors. This awareness is also needed at every level within organizations to properly understand the potential threats. An increased emphasis will also need to be placed on advanced technical controls that account for human error such as those which already exist through data loss prevention systems. And finally there will be a need for an increased number of cybersecurity related staff as a whole. With a conscious effort society can both mitigate cyber related threats and enjoy the conveniences that modern technology has to offer.