It is common knowledge that our world is constantly evolving, now more so than ever. While the shift towards digitalization has been long underway, there is no denying the fact that the pandemic was a primary catalyst in accelerating the process. With the need for quick digital adoption, and the growing permanence of remote work, employees’ dependency on the internet and other aspects of the digital landscape has increased. This increase in exposure to digital technologies gives threat actors an opportunity to exploit vulnerabilities, isolate security gaps, and perform cyberattacks. Along with the surge in cyberattacks worldwide, it can also be noted that there is now the looming threat of cyberterrorism.
Cyberterrorism, however, is far from a new concept: it can be traced back to the late 1990s, when it likely originated due to the technology boom of that decade. The rapid growth of information and communication technology, along with the increase in daily average use of the internet, sparked concerns around potential security risks on a national level. Twenty years down the road, fear around cyberterrorism attacks has been on a steady climb, which is understandable given how sophisticated the cyber landscape has become.
In order to grasp the threat behind cyberterrorism for what it is, let’s start by taking a look at the meaning of cyberterrorism and what it entails.
There is now an array of terms that are used, sometimes interchangeably, to categorize the different kinds of attacks that take place in cyberspace. Some of these terms are listed below.
Cyberterrorism, in simple terms, is the intersection of “cyber” and “terrorism.” In general, “cyber” is relatively straightforward: it means “anything involving computers and networks.” “Terrorism,” on the other hand, is narrower and can loosely mean any act of violence that has the intention of instilling fear and harming people or property to achieve an ideological (political, social, economic, etc.) aim. Cyberterrorism, as one may guess, is any attack against a government or its people that uses computers, networks, or even the data stored within them to accomplish ideological objectives.
In order for an attack to be categorized as cyberterrorism, it must result in violence in terms of bodily harm or destruction of property, at least enough to promote terror. Importantly, the motive behind an activity classified as a cyberterrorism attack makes all the difference. Unlike other kinds of cyberattacks, in which the motivation is to steal money, exfiltrate data, or even just “leave a mark,” a cyberterrorism attack will carry the objective of primarily causing destructive harm (physical, mental, environmental, etc.) to both people and critical infrastructure.
While there are different types of cyberterrorism attacks, they can be broadly grouped under three categories (based on analysis by the Center on Terrorism and Irregular Warfare):
Let’s now look at a few specific methods of cyberterrorism attacks that could fall into any one of the three categories above.
DDoS attacks are executed to overwhelm an IT security system with an overflow of information to disrupt operations. When a server is flooded with packets, it will be difficult or impossible for it to respond to normal requests from authorized users. DDoS attacks are usually done to distract security personnel so the attacker can go on to perform other critical attacks.
Operational technology (OT) can be hardware or software that is responsible for industrial processes such as robotics or electric utilities. In facilities that have both IT and OT, the two types of technologies should be on separate networks since an OT network controls physical processes. However, it only makes sense that any threat to an IT network may pose a risk for the OT network as well, especially in cases where the segregation between the two is not distinct.
Threats to OT networks may be even more dangerous given the physical outcomes, such as vehicle malfunctions or explosions. A recent Gartner report predicts that OT weaponized by threat actors will no longer stay conceptual but could be a reality by 2025.
As the name suggests, website defacement refers to defacing the websites of victims to display messages that could nurture propaganda or redirect users to malicious sites. While these types of cyberattacks are generally considered low-level, the potential for one to occur causes concern in the arena of international relations.
Penetration tools that are used to carry out penetration attacks may be the foundation of many sophisticated ransomware attacks. Cyberterrorists could utilize these tools to target organizations that possess critical data. A variety of attack techniques, such as launching an advanced persistent threat, could be employed to gain access to systems and networks, eventually stealing or modifying data, all the while going undetected.
With the level of risk cyberterrorism poses, organizations have to develop and deploy security practices that protect all aspects of their operations. Organizations would do well to adopt certain parts or all of any existing international guidelines for additional security, as these best practices contain thorough information on information security processes.
Keeping tabs on the latest events, threats, gaps, etc. when it comes to cyberspace is more than necessary at this point in time. Organizations that are invested in this process will be better equipped to improve their overall security posture, ultimately being able to defend against cyberterrorism attacks they may face.
As an organization, it is important to educate employees and all vendors involved on the potential risks from cyberterrorism. Doing so would not only make them generally aware of the company's security posture but also help them identify any security gaps and ultimately secure their touchpoints.
It is essential for organizations to develop a foolproof disaster recovery plan. However, having a plan on paper is hardly enough. These disaster recovery plans have to be periodically tested and revised to arrive at the most effective route to recovery. Two components that must find a place in the recovery plan are repair and restoration. Having these components in place, in addition to an effective overall plan, will curb the downtime after an attack while increasing the potential for a full recovery. Data, which forms an organization’s biggest asset, must be regularly backed up and stored securely.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.