Cyber-terrorism- the new normal? We have heard about serious attacks on SONY and its PlayStation Network, Microsoft’s Xbox Live and similar high profile attacks on the Tor project and other major websites, has cyber-terrorism grown so rapidly to become a new threat for enterprises?
Let’s start from the initial stage. Is there any difference between cyber-terrorism, wrecking or even war? Going back to the late 90s and the early 2000s, websites were mangled just to calm and attacker’s ego. Similar o graffiti, this is a good example of vandalism. The recent defacement of US Central Command’s Twitter handle can be a exemplar of vandalism.
If malware like Stuxnet discovered in June 2010 are to be considered, it can be named as the world’s first digital weapon changing things drastically. Stuxnet was beyond the virtual world and had the capability to cause physical damage to computer equipment or a kind of large scale destruction or even a cyber war. Anyhow, cyber-terrorism seems to have found a new focal point where disruption or damage of military or state sites is not a target, but that of a commercial entity- the businesses or services that we often depend upon.
In the attack against SONY, which resulted in the release of many confidential data of the employees and their families in November, 2014, many potential suspects were taken into consideration. Regardless, of naming the culprit, the damage to SONY was very real. Millions of dollar were lost in revenue due to whole movies being leaked online, disclosure of sensitive employee information (salaries, social security numbers) and publishing of executive emails-shed a defamatory light on Hollywood executives. Brand name and other collateral damages were also done due to the leaks putting SONY on a long road towards full recovery.
Lizard Squad – an organization that identifies itself as a cyber-terrorist – launched a massive DDOS attack against SONY’s PlayStation and Microsoft’s Xbox Live networks on the Christmas Day, causing huge problems for millions during the holiday fun. The squad flloewd up the disruption with new attacks on the Tor Project, a network of virtual tunnels that allows people to improve their security and privacy level in the Internet.
And finally there is the North Korean attack, which saw US’s web and Internet infrastructure go down for roughly 9 and a half hours. Cyber-terrorism is likely to be used also for propaganda purposes.
The collateral damage involved and the obvious geo-political associated with many attacks we see mirrors the idea of terrorism. President of US, Barack Obama has also stated that cyber-terrorism may perhaps be one of the Internet, these attacks are very likely to grow in a serious manner.
What does this mean for organizations? The best answer would be that the organizations that face attacks from cyber terrorists will see damages down to the deep roots of its structure. Recovery from such attacks can cost up to tens, hundreds or even millions exhausting the workforce engaging in disaster recovery mode. With the addition of brand damage the overall consequences of these attacks could be catastrophic.
The lesson to be learned for organizations is that these attacks can happen to anyone for a slew of reasons and the damages are pretty bad and visible. So organization need to make IT security a major priority in their daily activities.