Cybersecurity State Power Struggles

The 2020 US presidential election made it clear that disinformation remains one of the most powerful tools for sowing doubt in democracy. Foreign actors, most notably from Russia, China and Iran, used disinformation in the US to promote their preferred candidate and cause chaos for voters. Coupled with similar campaigns aimed at election results, it’s clear that foreign threats are a considerable force.

Nation state attacks aren’t just limited to the US. In mid-September, UK Foreign Secretary Dominic Raab condemned continued Chinese attacks on telecoms, tech and global governments. Following an announcement by the US Department of Justice, along with Malaysian nationals relating to malicious cyber-attacks, he stated the UK would continue to counter bad actors and work with allies in holding them accountable.

Governments and security teams worldwide have done well in recognizing and combating threats from foreign adversaries so far. However, as malicious cyber-attacks become more advanced, a new approach to data protection is a necessity.

Political Interference

The vital role that cybersecurity plays in protecting our privacy, rights and freedoms is likely to be more prominent than ever moving forward. As more vital infrastructure comes online, digital vulnerabilities will mount. Data breaches involving the theft of national and personal information, as well as intellectual property, will become more frequent alongside political interference and state-sanctioned attacks.

With no end in sight to the ‘trade wars’ and the tech-driven arms race between global superpowers, the stakes are increasingly high. Russia has already announced testing on an ‘unplugged’ internet – a country-wide alternative to the web – which could effectively give it control over what citizens can access. Also, it’s no secret that Iran and China are already censoring content and blocking access to external information.

More recently, the Chinese government pushed pro-China narratives around elections in Taiwan and during the protests in Hong Kong via fake social media accounts. It is also suspected of hacking US election candidates’ private emails. The Norwegian parliament disclosed that a cyber-attack compromised email accounts within Norway’s Labor Party.

Other examples included suspected access to sensitive information held by North American and Israeli government entities, Russia running a massive phishing campaign ahead of Ukraine’s Independence Day, Taiwan accusing Chinese hackers of infiltrating information systems of at least 10 government agencies and an Iranian hacking group found to be targeting US government agencies through vulnerabilities in high-end network equipment. The list goes on.

Victim of Progress? Not Entirely

The 2020 Synack Trust Report cites the government and financial services sectors as the most hardened against cyber-attacks globally. They scored 15% and 11% higher, respectively, than all other industries in preventing attacks and incident response. Government agencies collectively succeeded in reducing the time it takes to remediate exploitable vulnerabilities by 73%.

The progress shown by government organizations is a direct response to the increase in digitalization and the need for stronger defenses to mitigate increases in new emerging threats. Consequently, we can expect more investment in technology designed to counter them, alongside efforts to raise public awareness of the issue.

Last year, governments faced unprecedented challenges due to the COVID-19 pandemic, but still maintained a commitment to thorough and continuous security testing that lessened the risks of cyber-attacks.

Time to Focus on the Data

Traditionally, cybersecurity defenses aimed at stopping bad guys from getting in, but it’s not working. Rather than focusing on protecting access to information where it’s held – on disks, in databases and applications – we should build security into the data itself. The technology is there, but historically, there has been a trade-off between security and ease of use. For example, full disk encryption is easy to deploy, but security is compromised because a running system seamlessly decrypts any data for any process – legitimate or not.

We need better technology that delivers more effective security to protect data, combined with ease of use. Such technology must be transparent to users while removing them from security decisions. The goal should be encrypting data at all times – in storage, in transit and in use. This means that when a file on a running system is copied from one location to another, it remains encrypted. Furthermore, strong authentication should be built into the encrypted file so that only authorized individuals can decrypt the data.

With this transparent approach to file encryption, all data will be protected no matter where it goes because security is part of the file rather than a feature of its storage location. By continuing the ‘100% encrypted’ principle, IT security experts no longer need to spend hours tweaking data classification rules so that ‘important’ data is more strongly protected.

Compliance, Not Just a Checkbox

Government organizations continue to perform risk analyses and implement security silos, and the result is ineffective ‘checkbox compliance.’ This approach is a major contributor to why so many cyber-attacks are still successful.

To become truly compliant, with security that persists even if data is stolen, organizations’ information security focus must change from stopping threat actors getting access to data to protecting the data itself.
