We’ve compiled 16 valuable, easy-to-understand cybersecurity and cyber risk KPIs that can be integrated into a dashboard for any member of an organization who wants to become more aware of cyber risk.
Each January, cybersecurity pundits busily fill the airwaves with their predictions for the year ahead. There’s much to think about. However one trend is particularly troubling for U.S. and European businesses – an intensification of a new cybersecurity “cold war.”
Similar to the nuclear cold war between the U.S. and the Soviet Union in the 1980s, countries are stockpiling cyberwarfare capabilities and using those reserves as a threat or a deterrent to their enemies. Russia, China, North Korea, and others have the capacity to launch sophisticated attacks against U.S. businesses. Using armies of “cyber soldiers,” these nation states can easily target critical national infrastructure, including utilities and financial systems -- if they so desire.
Indeed, last week the World Economic Forum published an article – “These will be the main cybersecurity trends in 2020” – warning of a new cyber cold war between Western and Eastern countries fueled by trade wars. But there’s also another player fanning the flames: Iran.
Tensions with Iran stoke fears
Given the intensification of hostilities between the U.S. and Iran following the death of General Qasem Soleimani, the threat of cybersecurity ramifications against the West has heated up. This is nothing new. Iran has long been known for its adversarial use of cyberattacks targeting both national infrastructure, governments, and private enterprises. The challenge is that these attacks are becoming gradually more unpredictable and the divide between military and non-military targets is becoming increasingly blurred.
Without any question, Iran’s asymmetric approach to warfare uses cyberattacks as a “a continuum of conflict”, leaving America and its allies braced for additional “payback.” What form that will take remains unknown. However, based on previous Iranian-sponsored cyber tactics, instead of a significant “take-out” of critical infrastructure targets (which would, in effect, be a declaration of all-out war), there is a high probability that any retaliation could strike at the core technologies and internet-based systems that encompass our daily actions and drive the consumer economy, such as credit card processing platforms, airport IT systems, transportation logistics, and even retail-giants.
In doing so, Iran would be blowing up the old way of thinking that our adversaries need to take down entire power grids or bomb American interests to disrupt our everyday life and gain geopolitical advantage. Instead, they can simply use the threat of cyber warfare to disrupt the country’s business interests.
Businesses are ill-equipped to deal with the cyber cold war threat
That threat should be enough to make organizations sit up, take notice, and begin taking control of their cyber defenses -- especially since protecting their interests (and, as a result, the interests of U.S. and European citizens) falls squarely on their own shoulders.
Since the origins of our democracy, we have looked to the government to defend us militarily. The same isn't true of cyber warfare. Businesses and private-held companies must square off against well-funded nation states and proxy groups – on their own. This is also the official line from the government. In the days following Soleimani’s death, the Department of Homeland Security warned U.S. companies to “consider and assess” the possible impacts and threat of a cyberattack on their businesses, reports TechCrunch.
Yet, many businesses are ill-prepared. Our own research shows that in the business services sector, for example, almost half of the companies are at a high risk of a cyber breach. The same is true for the retail, healthcare, finance, utilities, and technology sectors.
Clearly, there’s room for improvement.
How to defend against the new reality of cyber warfare
It may seem like an insurmountable mountain to climb, but it doesn’t have to be. Implementing the latest security solutions and ensuring these systems are up-to-date and patched is the first step. The second is for businesses to continuously monitor their own security posture – and that of their domestic and global sub-contractors, partners, and suppliers – in real-time. In doing so, they can quickly and efficiently expose potential vulnerabilities that nation state threat actors and cyber criminals exploit to gain access and control of networks and data.
As nation states like Iran and others boost their cyberwarfare capabilities and exhibit more unpredictability in their military and cyber attack strategies, businesses need to be prepared and up their defenses. They must take every step to mitigate cyber risk within their organizations, because even if countries don’t deploy their arsenals, the threat is real -- and corporations are quite literally alone on the battlefield.