Government sponsored hackers don't just target other governments.
It sounds like the stuff of Hollywood movies, but international cyber warfare is real. Nation states are actively engaged in ever more sophisticated and sustained hacking attacks on each other, with the aim of destabilising governments, stealing information, damaging infrastructure and hurting economies. And as with any form of warfare, while our leaders insulate themselves from harm, making decisions from afar, caught in the cyber crossfire are ordinary citizens and businesses.
As is so often the case, Russia is presented as the villain of the piece. As well as Russian criminals launching attacks, the country’s own government has a history of being linked to hacking campaigns.
But Russia is far from the only player on the cyber warfare board. Also associated with this kind of activity are China, Iran, Israel and North Korea, among others. The USA, too, undoubtedly has its own people carrying out this kind of work, and it was notably linked to the creation of the Stuxnet worm, which was designed to disrupt Iran’s nuclear weapons programme. Even the UK is involved, having proudly boasted about its offensive cyber warfare abilities.
Cyber Warfare & Businesses
Obvious targets, of course, are military institutions and critical infrastructure, like power stations and hospitals. Similarly, the likely Russian meddling in the last US presidential election has been well documented.
However, businesses, no matter what size they may be, are far from immune to cyber warfare. For example, North Korea was famously credited with hacking Sony, after its movie studio produced The Interview, a Seth Rogen comedy that poked fun at the nation’s leader, Kim Jong-un, and which used the idea of his assassination as its central premise.
While that particular attack was probably meant to make up for the damage to Kim’s personal pride, attacking businesses also hurts countries where it counts: in their pockets. Every year, businesses and other organisations around the world, including the UK, lose thousands of pounds to cyber breaches, including ransomware attacks. Naturally, many of these will be perpetrated by independent criminals looking to make a profit, but nation states, too, are said to be responsible for their own fair share of the problem.
And whatever their motivations, it’s getting increasingly easy to launch such attacks. Cyber security firm Cybereason, for example, recently discovered a hacking tool that is able to automate around 80% of the work a human hacker would normally do manually. This means hackers can create widespread and sustained attacks with minimal effort.
These tools can be used in a targeted way, but they can also simply scan the internet for connected computers and networks that are vulnerable. If, for instance, your own business’s server was discovered in this way, you could easily find yourself being attacked by criminal gangs or state-sponsored hackers.
It seems odd to think that foreign governments would be interested in hacking, say, the computer systems of a small business in the UK, but when it involves so little work, why would they not be?
This is why it’s so important for small- and medium-sized businesses to take cyber security seriously. Big companies and organisations are obvious targets, but they also tend to have better security in place. All too often, SMEs assume they won’t be affected, so they don’t invest properly in security measures, like up-to-date hardware and software, and training for staff.
Predictably, it’s this exact assumption that often leads to their downfall.
Human error is the biggest cause of cyber security breaches. How safe are your people? Find out with TMB's cyber security awareness training and phishing simulations. Available from just £1.66 per user per month.