Is Cyber Warfare Our Vulnerable Point in 2013?
The threat of being hacked for a hacker’s personal gain has been eclipsed with the advent of Nation States sponsored hacking factories. There is a growing concern that the next major war will include sophisticated Cyber warfare techniques and weapons. It makes sense. The USA, China and Russia are not the only nation states with cyber warfare capabilities. These capabilities are now springing up all over the world – within our friends and foes.
Imagine the chaos if our electric grid was disabled for even a small amount of time, or all the traffic lights in downtown were stuck on green (or red), or the water treatment plants started circulating untreated sewage back to homes and commercial establishments, and so on, and so on.
Think this cannot happen? Consider the following scenario –
Money is no object because Nation State X prints its own. Nation State X sets up a hacking factory with state of the art equipment and their best and brightest hackers. It is determined that a successful strike against the Energy Industry would cripple the US. They identify their primary target as Houston, Texas which is known as the Energy capital of the world. It is home to hundreds of small and mid-sized companies that supply products and services to the energy majors. Nation State X also knows that the majors own only a small amount of the IP and that the bulk of the IP resides within the small and mid-sized supplier base. The planned attack strategy would be two-pronged – one against the majors and one against the small and mid-sized suppliers.
The attack against the major enterprises would be sophisticated and, if successful, would be devastatingly effective. Nation State X would claim victory and highly publicize the attack. The main thrust of the attack, however, would be aimed at the small and mid-sized companies. These companies are primarily interested in selling the majors more widgets and services. These are companies that lack the resources, skill and desire to be cyber security experts…they only want to sell more of their products and services, as they should! In small companies, most times the same individual wears many hats, ie that of CTO, COO and CISO. Thus, making them prime targets for well-funded, sophisticated hackers.
What could this attack look like?
Consider the following:
- Google all energy companies and their suppliers
- Research their products and services – create a map of the problems they solve
- Get the names of key individuals and management within these companies
- Reach out to these individuals via social media f/b, Lin, twitter, etc. Start socializing.
- Build a website that speaks to their issues and offer solutions to their problems
- Acquire a list of expanded contacts within their organizations eg Jigsaw
- Start a targeted email campaign to these individuals with a call to action that navigates them to visit the website.
Once a person visits the website, deposit malware on the computer that allows the hackers to come and go as they please with the compromised credentials.
Now they can steal all your secrets, access all your customer, employee and vendor records, create and pay fake vendor invoices, beat you to the market with your ideas and invention and deposit digital bombs for later use.
So does that mean that small and medium sized businesses are toast?
Heck no! It’s a time to Self Govern.
(In my next post I will discuss the idea of self governance for small and mid sized businesses.)
Umesh Verma, CEO for Blue Lance. Over the past quarter century, Mr. Verma has built BLUE LANCE into a global provider of Oversight solutions that help key stakeholders in organizations confidently fulfill their Cyber Governance responsibilities.