Don’t fall victim to fallout

Blog / Don’t fall victim to fallout

Just to get it out of the way, I’d like to start this newsletter by assuring you right off the bat that this will not be about politics. This is a cyber security newsletter and only a cyber security newsletter. However, there’s no denying some of what’s going on in the real world does have real consequences in the realm of cyber security, so let me explain.

In last week’s newsletter I advised you to make sure your firewall policies have proper IP restrictions in place. I also mentioned how I’ve been seeing an increased amount of suspicious activity from Russian IPs in the past few months. In an even earlier article I wrote about cyber insurance and how one provider had tried to deny an organization’s claim as an act of war.

Keeping that in mind, let’s shift gears and what war in the real world looks like for a second. In general, you’ll be targeting fairly easy-to-identify military targets. Military targets have plenty of weapons, defenses, and and other infrastructure that’s both offensive or defensive. Oftentimes they’re obvious, readily standing out from civilian targets (yes, there are occasional mistakes, but that’s not exactly pertinent as we’re here to talk cyber security, not war crimes). While some military assets can be disguised, the majority are actually easy to identify, and surveillance is as easy as snapping a few pictures from an orbiting satellite. Right away you have some decent intelligence to start with.

Now, how would you translate these surveillance tactics to the digital world? You can’t exactly send a satellite out over it to take a few snapshots of your enemy’s cyber space. When trying to identify an online military resource, you’re not going to see tanks or airfields or garrisons. You’ll see the usual things like websites, VPN logins, and the like. The only way to really confirm if an IP is a doorway to a military site is to get inside. Assuming you were right and managed to find a military site, you are racing the clock before you get discovered once you get inside. Military products and budgets for things like cyber security and human monitoring are generally substantially better than “civilian-grade” defenses.

While I am greatly over simplifying things, the point I’m trying to make is that the electronic situation is vastly more complicated. Making a targeted attack in cyberspace takes a lot of effort, preparation and skills. This means that the most likely military actions in cyberspace during a war will not be properly targeted, so the chances of collateral damage are a lot higher. As a bonus (for the bad guys), covering your electronic tracks with a civilian target is a lot easier than a military one.

I bring all this up for two reasons. The first one is obviously due to current events unfolding in the Ukraine but the second is to consider the situation we are all in. Remember that newsletter I reference earlier? In it I mentioned that an insurance provider tried to deny a cyber insurance claim by saying that the ransomware their client was infected with was as an act of war. Act of war clauses exist in most insurance contracts, and they make a lot of sense.

Now, reconsider the internet. What connections does your organization have to it and how are those connection are protected? Due to current events in the physical world there has been a massive increase in state-sponsored cyber attacks, everywhere. While most of it is probably pointed at Russia and the Ukraine, not all of it will be. Also, you can be sure some of the internet’s worst are already using the war in Ukraine as a smokescreen for their own electronic shenanigans. Getting a tank from Siberia to Alberta may take a lot of effort, but doing the same with data packets takes less then a second. Even in cyber space, or rather especially in cyber space, it’s pretty much guaranteed someone’s going to get caught up in the electronic crossfire and wind up as digital collateral damage that almost certainly won’t be covered by current cyber insurance policies which aren’t likely to change without driving your premiums so high they might as well start snapping surveillance photos. In simpler terms, it’s well past time you looked into shoring up your own defenses if you haven’t already.

The Bard of course has something to say when it comes to conflict. This week’s quote comes from Henry VI part III: “It is war’s prize to take all vantages.”

If you need help reinforcing your cyber security defenses, please contact one of our account managers today.

 

Be kind, courtesy your friendly neighbourhood cyber-man.

/Partners /Systems /Certifications

TRINUS is proud to partner with industry leaders for both hardware and software who reflect our values of reliability, professionalism and client-focused service.

View more partners