Understand Cyber Security, Attacks and TerrorismUpdated: June 26, 2019
Cyber attacks are one of the "activities" that pose great problems. These problems can be related to businesses, but not only; the national and public aspects of a society is also put at risk, including civilians information, and...in the end, life.
Cyber terrorism is one of the cyber attacks; it's the most complex, as it involves a great number of aspects - essential infrastructure, civilians, businesses and so on.
How does a cyber attack occur? What are the effects on the society or on the world? In this article you'll be able to understand what are cyber attacks, cyber-terrorism and how do they affect the world we live in.
The internet and its associated technologies were on an exponential rise in the last couple of decades. This quick increase in both usage and areas of interest pushed entire industries forward as well. The ease of communication, various automated process and an entire suite of tools aimed to help a wide range of professions are the building block on which the 21st century is going to build its progress.
Due to its usefulness, technology spread across the board rapidly. Entire computer systems were made available to cover and support the needs and use cases of day to day users, small or large business or even government institutions. Just like any other system, IT systems have their strength and weaknesses. Even though the best people are dedicated to cover and maintain these large infrastructures, design or security flaws might still pop up here and there.
While design flaws might cause systems to be inaccessible or behave in unexpected manners for short periods of times, in this day and age the real problematic flaws are the security ones. Besides making systems inaccessible, security issues lead in most cases to far worse results. Even though there is a lot of talk about GDPR lately, believe it or not, the fact that malicious attackers can gaining access to personal user data is not the worst it can happen. A well planned attack can enable hackers access to corporation private information, bank accounts or even entire government facilities.
Since these IT systems are human driven, hence inherently exposed to various flaws, an entire branch of tech science called cyber security spawn off. Its main purpose is to identify the most common issues such a system can encounter, and come up with solutions to increase the its reliability. While the knowledge of potentially harmful attacks and unreliable services might frighten you, the fact that there are real specialists out there whose main goal is to fix such problems should put your mind at ease.
Furthermore, you should know that most of the times an attack is likely to happen based on the gains it will bring to the attacker. Therefore, a personal computer or phone is much less likely to be severely compromised than a bank system or an army facility. There is very little to gain by breaking into your Facebook compared to gaining access to some bank accounts. This is why you only need a good antivirus for your personal computer, while banks and institutions invest way more in protection and system security.
In short, cyber attacks are malicious actions taken by a user who tries to exploit a system vulnerability in order to gain some benefits.
Most of us are used to hear the "celebrity account hacked" stories, or about that guy who lost his iCloud account because he used a dumb password like "apple1". While indeed the most common, these attacks are fairly infantile since they don't make use of a real system vulnerability. Usually the attacker is using a "brute force" attack where they are just trying to guess your password. The longer and more complex the password, the harder for the attacker to guess it. Other than two factor authentication and some geolocation checks, there is little a system can do to protect you from brute force attacks. However, at this point in time, even these small scale attacks can be traced back and are 100% punishable by law.
Furthermore, you might be familiar with either the scam emails or with the suspicious downloads that are still causing problems in 2019! These are very old techniques to target users, but can be easily avoided with a proper anti virus and with some basic knowledge about staying safe on the internet.
On the other hand of the spectrum you'll find large scale, orchestrated attacks designed to either take a system down, or gain its control. The types of attacks vary greatly ranging from trying to break a system by consuming all its resources, to exploring vulnerabilities in the system's software or to use the actual users / maintainers the main entry point into the it. Again, while security experts can tackle down most of the problems not human related, one of the greatest vulnerabilities is human error.
Even though this large scale attacks are targeting banks, corporations or government institutions, most of the times regular people are affected by these attacks as well. The results of a well performed malicious action could range from personal data made public to identity theft or to bank accounts being messed with. These are extreme cases, since most of the time the security checks and experts working on ensuring well running systems are able to identify and block such threats. However, you should know that most corporations and especially banks are covered by insurance in such cases, and even lost money will be returned to you.
Probably the most extreme kind of attack is the one targeting government institutions or military facilities with the sole purpose of bringing them down and harm either a specific nation or a large segment of the population. These malicious actions might have as target not just gaining classified data, but they could also try to disrupt the economy of a city / region my breaking their water supplies or electricity plants.
The extent of such attacks and the interactions between the attackers and the possible victims are not disclosed to the large public in some instances. There are leaks or hints pointing towards such events, but most of the time these attacks remain hidden due to the sensitive nature of national security and integrity. Usually in such cases both secret services and various government institutions are involved in defending and identifying the attackers. Just like private institutions, most governments have entire security specialists teams dedicated to work and precent cyber attacks in the 21st century.
While not as common in the past, recent years brought to light another type of attack placed by most in the same cyber terrorism umbrella - fake news and social manipulation of the masses in order to destabilize governments and invoke chaos in various countries. Probably the most notorious case of all is the 2016 US elections when the Russian government was accused of employing hackers and fake Facebook commenters and likes to distribute fake news and manipulate the US electorate to vote towards a specific direction.
Thinking of the definition you read above, we can actually make a comparison between cyber terrorism and wars. It's true, it is not a precise one, but it does cover some aspects that can be used to better understand this whole subject.
Cyber terrorism is like a sub domain of the whole cyber attacks spectrum. They are focused on the national (and maybe world wide) attacks, that can cause disruption. This strategy (let's call it like that) has been discussed many, many years before the Internet era.
In some wars (WWII and Vietnam), the strategy was to attack and destroy roads and important production facilities. using airplanes equipped with bombs. In this way, the attacked people would've been slowed down or even defeated. These critical civil infrastructures were roads, water supplies, production facilities, electrical power and other essential war industries.
These strategic attacks couldn't be done on a constant basis. The American air offensive was good, gained some control, but it had to be done either more, either accompanied by ground offensive, as leaders later discovered. The Germans were able to keep their heads cool, and to ignore the terror that was supposed to be created by the air offensive. They were under the Nazi control, so they were able to keep going even after their homes were destroyed, even after repeated air attacks, even in the condition they were forced to live.
Germans were actually able to reconstruct and to prevent the decline of the German economy, because they were smart enough to rebuild and maintain the war industries that were so essential.
You would say that this was a single case. But the war in Vietnam had the same results.
Maybe now you're asking yourself "How does this have any connection to cyber attacks/terrorism?". First of all, it has the connection regarding the strategy: attacking the essential infrastructure of a city, of a country or, smaller, of a company.
Second of all, the conclusion draw from the war situation can be a lesson for cyber attacks. The conclusion was that persistent and constant attacks were necessary; you can't do major damage with a single attack. Now even if cyber attacks are most likely single ones, they are, at least sometimes, focusing on more than a single vulnerability. If one of the attacks is found, security and repair measure are taken, so the attacker has to find another way to finish his work.
On a national level, cyber terrorism can be accompanied by real-life attacks. Let's say someone cyber-attacks the water supplies - than it can set on fire whatever that someone wants, creating a bigger panic as the water supplies aren't accessible and firefighters don have the "raw material".
Still, as in war, for a cyber attack to really manage to do some harm, especially on a national level, multiple attacks are needed. But there's one catch: even a single cyber attack towards an essential infrastructure can be seen as an act of war. Nonetheless, power outages at a regional level, for example, are not seen as a threat to the national security. Cyber attackers would have to attack multiple targets, maybe at the same time, and even for longer periods of time, in order to create terror and panic.
Regarding the attacker, you'll see further below that there are some types of cyber attackers. But here I wanted to portray the fact that it can be sometimes hard to actually know who's attacking.
For the attacks that focused towards something big, like a national bank, or the transportation method, or the electrical power, the first thought can be: "a terrorist group". History, or rather experience has showed us that there are many cases in which actual civilian hackers are the cause of the problems.
They have a lot of time on their plate (maybe), so they want to test out their knowledge. The lack of ways to train an test their skills can make them want something bigger, something were they could actually do something. Some of them actually want the attention.
Even if they try their skills on the Internet System Providers servers, they can still do a lot of collateral damage: people and companies lose access to the Internet, hence they can loose communication methods, which can lead to other situations.
Cyber attacks costs depend on the method, and on how big they are. From 2001 when costs were around the million mark, nowadays we are looking towards the trillion mark. And these numbers can "be done" by even a single hacker.
I am saying this because even though there is the cost of money alone, there are situations where this cost consist of others. Just like the example above, with ISP.
For a company, there's also reputation damage, lower productivity, intellectual property and so on. The cost of cyber attacks doesn't always translate to the national economy. Most of the attacks are done businesses and they have the most to lose.
The customer, seeing even that a company's website is hacked, goes to his alternative (meaning the competitor), and may never come back. Multiply this by whatever you want and you'll quickly realize that the actual money lost isn't all, as I said above.
We have come far regarding technology: instant ways of communication between people, or between people and businesses, constant notifications regarding what's happening in the world - almost everything is digitized, making our lives easier, but also simpler to be attacked.
Companies are dependent on their systems and on their data. This leads to a quicker destabilization. If a hacker gains access to a company's data, he can even erase it all, hitting the company hard.
We are trying to live an easier, more efficient and more convenient life, which is why now even those essential infrastructures are coming online. This convenience it's also related to vulnerability.
Our society lives in and towards a remote online system, which comes with a great security responsibility. Times are changing and we should be aware of the level of exposure. Cyber security should move faster than always, being a step forward in comparison with cyber attackers. And, maybe, we should always find some offline backups, so that we can be like the Germans - cool headed and ingenious in defending our world.
As technology evolves, common people has been long time overwhelmed. But a cyber attacker has to be constantly informed, and constantly "training".
As a common person, you might not have access to new and developed technologies. And even if you'd have, you'd be easily tracked down if something was to happen. So cyber attackers, and cyber terrorists had to find other ways to get their hand on the newest technology - black market.
As for everything that is hidden from plain sight and illegal, there's this black market for sophisticated technologies. These sophisticated technologies, are actually coinciding with this raising flow of highly skilled hackers.
In order to cover the losses or to even "mask" an attacks, companies now take the advantage of cyber insurance companies. They are specialized in helping the company to get over the attack quicker: they company can focus on repairing the damage and finding the attacker, without having to think about it's loses in terms of clients or in term of interruption.
Some cyber insurance policies also have some kind of provisions for the business's interruption, even for the case when there's a data breach. These types of insurance policies work in a similar way as the traditional ones do (health, life, travel).
They are a great help, even a great asset to have, especially for bigger companies. In fact, the public companies that manage the water supply, the electrical power, the transportation and so on, should take these policies into consideration, especially if they are looking towards an online future. As they are essential to people, they should be able to have some kind of safety net.
As the world we live in runs fast towards an (almost) only Internet based world, cyber attacks can be on the rise. I say "can be", because they can be tamed with proper cyber security measures.
If countries do not make an effort towards improving and developing their cyber security, there will be a great risk of increased vulnerabilities. Yes, new technology and developed network systems should definitely exist, but there should be a balance between developing the network and developing the security. Adopting specific policies, even ones that emphasize cooperation between economies - defeating cyber threats should be a priority for every country/state.
Otherwise, the safety will be compromised and cyber attacks will grow more, and more.
In case you want to know more about how can you protect yourself or even your business, here are some of our articles: