Governments and business must work together to patch cybersecurity holes

Daniel Wagner says that defending against cyberattacks is an unending cat-and-mouse game, and public-private partnerships would help in communicating risks and options for addressing them

Reading Time:3 minutes

An “out of service” notice is displayed on the screen of an ATM at a bank infected by the Petya ransomware computer virus in Kiev in late June. The cyberattack, similar to WannaCry, began in Ukraine, infecting computer networks and demanding US$300 in cryptocurrency to unlock their systems before spreading to different parts of the world. Photo: Bloomberg

Published: 11:00am, 24 Mar 2018Updated: 11:00am, 24 Mar 2018

Though cyberattacks now occur with greater frequency and intensity worldwide, many either go unreported or under-reported, leaving the public with a false sense of security. While governments, businesses and individuals are all targeted, infrastructure has become the choice for both individual and state-sponsored attackers, who target security systems previously seen as impenetrable. This shows the vulnerability of cities, states and countries and the importance of global risk agility.

The US now blames Russia for cyberattacks on energy, aviation and other sectors in recent years. Moscow planted malware, conducted spear phishing and gained remote access to sensitive areas of America’s infrastructure networks. They did this with surprising ease; for example, using false résumés to apply for jobs and installing malware once tainted emails were opened.

This modus operandi is not new to Russia or others intent on planting malware and gaining entry into sensitive companies and sectors. Russia planted the malware leading to the Petya attacks of 2017 by entering a Ukrainian tax and accounting firm servicing 80 per cent of Ukraine’s businesses, then gaining access to those businesses. This quickly infected computers around the world.

It is shockingly easy to enter otherwise secure computer systems and companies. Up to 95 per cent of the time this is because of the risk between keyboard and chair – employees who click infected links.

Cyberattacks are difficult to prevent, given the relative ease with which hackers can find a single system vulnerability, and the impossibility of plugging all security holes. Cybersecurity professionals play an endless game of cat and mouse, where would-be attackers attempt to enter a system while security professionals attempt to defend it by applying continuous patches. The adversary then quickly moves to another vulnerability. That is why many computer security programs produce patches numerous times per day.

Chinese hackers accused of targeting US defence firms linked to South China Sea

High-profile cyberattacks are increasingly the norm, giving nations of all sizes, degrees of wealth and resources a seat at the table with world leaders in overt and covert cyberattacks. Iran and North Korea are prominent members of this club. All this has prompted the Trump administration to declare that it equates cyberattacks against critical infrastructure as acts of war, potentially resulting in a nuclear response.