10 Dec Cyber-attacks and Governments
The 2018 Annual Cyber Security Report: Impact on Government has found that cyber attacks against US government agencies are increasing daily. These threats include ransomware, distributed denial of service (DDoS), IoT botnets, cryptojacking, and other combinations of threats. Meanwhile, global cybersecurity company Kaspersky Lab reported that Asia has become a hotbed for cyber threats – with countries such as Singapore, Taiwan, Malaysia, the Philippines becoming targets by state-sponsored and highly sophisticated cyber attacks.
In the first quarter of 2018, Kaspersky has observed that new advanced persistent (APT) are high and continue to increase in both Asia and the Middle East. These bunch of activities have been targeting government entities and organizations, think tanks and political activities, cryptocurrency companies and Point of Sales (PoS).
It has become alarming that the targets of these threats are local governments, utilities, public safety, transportation, operations, education, and national defense, forcing these agencies to respond and tighten their security. With increased sophistication and agility, various strains of malware cyber attacks have become more damaging and threatening than ever, as shown by the 2018 mid-year report on cyber attacks.
Impact of cyber-attacks to daily life
These hidden threats causes harm to the public as they can systematically cripple infrastructure. One single attack can lead local governments and agencies to spend a budget that could have been used somewhere else. Such unexpected expenditures on recovery efforts can become financially stifling if resources are scarce.
Cyber-attacks also put vulnerable entities and cities at risk as they may need to rebuild and protect data storage. For instance, researchers found that poor security practice, default passwords, a lax cybersecurity policy, and other forms of vulnerabilities in software increases susceptibility of sensitive personal data to any potential cyber threat.
A hospital in Indiana, USA, was forced to shut down its online system to stop damage to the data of the patients due to a ransom message for bitcoin. While specific and repeated cyber-attacks has affected a Singaporean hospital compromising 1.5 million profiles of its patients and details of prescriptions to 160,000 other patients.
If it remains unresolved, threats beyond privacy breaches such as delayed surgical operations, blackmails and other criminal activities can affects millions of patients around the globe. It can target almost anyone. While the difficulty in preventing these attacks lie in the secrecy and mystery of that hacker’s intentions, the ability of healthcare institutions to combat these attacks depends on how they can quickly adapt and how deeply they can revamp their security walls.
The art and science of keeping hackers at bay
To defend itself from potential threats, governments are engaging IT experts to remodel their cyber infrastructure and install necessary software upgrades. But last year’s WannaCry ransomware outbreak in the UK shows that, indeed, an ounce of prevention is better than a pound of cure. It was revealed that the incident could have been prevented, had the organizations done basic patching.
In order to avoid becoming a victim of cyber attacks, institutions must acknowledge that some of the customary practices are the vulnerable points for these threats – such as usage of outdated software systems, hardcoded and embedded passwords, default accounts, cross-site scripting, and vulnerabilities found in web servers.
By focusing on increasing cyber resilience, leaders of local and national governments must come to terms with technology and not shun its potential to shield agencies from further destruction. Despite the advancements and perceived high level of knowledge needed to comprehend cyber attacks, governments and policy makers must recognize the reality of cyber risks and remain focused in deterring the cyber crisis.
Technology experts relied on by these agencies are also urged to be knowledgeable with the laws and rules being implemented to be able to appropriately address any breach. Some of the ways IT leaders of each organization can implement to strengthen cybersecurity include, but are not limited to, incorporating a cybersecurity-conscious culture, developing a security plan in coordination with decision-makers, increasing user training and awareness, outsourcing cybersecurity, implementing a security assessment program to identify risks, threats, and vulnerabilities, employing a purpose-made cybersecurity policy, acquiring cyber insurance for potential costly outcomes, working towards achieving resilience, collaborating with other key industry players, and having a backup or contingency plans.
Key regional actors have arrived at some regulating measures that aim to overhaul data security regime, impose sanctions to non-compliant organizations, and expand penalties to perpetrating nations. Some EU-member states propose the implementation of stricter and heavier sanctions on states guilty of carrying on cyber attacks. Meanwhile, on a practical level, the perceived vulnerabilities in the Asia Pacific region have led to the migration to, and integration of, web-based features to their organizational frameworks such as cloud tech, online management, and advancement of fintech. With various efforts to protect cybersecurity and respond to complex cyber threats, thorough analysis and consistent discussions among government and tech leaders and stakeholders define the strength of these changes and the impact of these developments.