Written by Ravi Das, a business development specialist for the AST Cybersecurity Group, Inc.
Introduction to Asymmetric Cyber Warfare
When one thinks of a cyberattack taking place, many visions come to mind. Probably the most popular one is an individual dressed in a cloak-and-dagger outfit, sitting in front of a computer in a dark room, trying to enter a point of weakness in a business. While this particular image may not happen in reality, there is a new attack front that is emerging from this: This is known as “Asymmetric Cyber Warfare,” and is the focal point of this article.
What Is Asymmetric Cyber Warfare?
The technical definition for Asymmetric Cyber Warfare is as follows:
“It is cyberwarfare that bypasses or sabotages a victim’s strengths while targeting their vulnerabilities. In these types of attacks, the perpetrator has an unfair (or asymmetric) advantage over its opponent and can be impossible to detect. Oftentimes, the aggressor cannot compete in strength or numbers, making this popular among small intelligence groups.”
In other words, it is not just one cyber-attacker that is launching the strike. Rather, it is an entire unit or group of them, in which they gain access to your IT/network infrastructure through multiple points of entry. They can overwhelm your strengths and totally overpower your lines of defense in one, huge blow.
Their goal is to get away from the conventional thinking of how a cyberattack should be launched, and instead use different tactics to surprise the victim. During this phase, most threat variants often go unnoticed for extremely long periods of time (these are also known as “Advanced Persistent Threats”) until it is too late for the victim to do anything about it because they are so overpowered.
Because both the COVID-19 pandemic and the remote workforce have become the reality (likely for a long time to come), there are many more vulnerabilities and weak spots that have started to emerge. This is primarily due to the convergence of the home network and the corporate network; this makes the deployment of software patches and upgrades on a regular basis an almost impossible task.
As a result, the new phrase is not so much “Weapons of Mass Destruction,” but rather “Weapons of Mass Computers.” It’s also important to keep in mind that Asymmetric Cyberwarfare is not a homegrown style of attack. Rather, they are launched by nation state threat actors, such as those of Russia, China, and Iran, whose cyber-attack groups are overwhelming in sheer numbers.
How To Defend Against Asymmetrical Cyber Warfare
Businesses that have a well-established security policy in place typically only address what are known as “linear”-based attacks. This scenario involves one cyber-attacker who is launching one threat variant into one main point of entry. But these security policies need to be quickly updated in order to combat the new norm of the “non-linear” attacks, in which there are multiple cyber-attackers testing numerous potential vulnerabilities at different times. So how can a business defend itself in this regard? Here are some key strategies that can be implemented:
- Conduct a thorough Risk Assessment: The traditional assessment frameworks often lay out a strategy in which the CISO and CIO and the IT Security team map out both the digital and physical assets. From here, your team examines the vulnerabilities of each one, and using a numerical categorization scheme, assigns a severity rating. Assets which are the most vulnerable will have the highest rating, and therefore receive the most attention and protection. But now, think backward. In addition to this, you and your team also need to assess the assets that are the least vulnerable, and from there, come with the right set of controls to protect them as well. Remember in an Asymmetrical Cyber-attack, the hacker is going to go after what is most vulnerable, not what is the best fortified. In other words, take a holistic, multilateral view of all of your assets, rather than just the usual unilateral one.
- Make use of more advanced tools: Yes, the traditional tools like firewalls, routers, and network intrusion devices can provide an effective amount of protection for your business, but given the new cyber threat landscape of today, it is crucial that your IT Security team kicks your existing arsenal up to the next notch (or even more, if possible). In this regard, you should be seriously considering the use of both Machine Learning (ML) and Artificial Intelligence (AI) tools. These newer types of technologies are so far advanced enough that they model the newer threat variants by taking into account both your strongest and weakest links in your security chain. In other words, they can learn from past attack signatures and predict newer ones that could be evolving, especially from the nation state threat actors.
- Protect both the Internal and External Environments: The most traditional means of Cybersecurity has always been, and unfortunately continues to be based upon the concept of what is known as “Perimeter Security.” Simply put, the only line of defense used to protect the business from external threats is based upon a geometrical circumference. It is time to extend that circle to protect your assets from the internal environment as well, by breaking off your entire IT and network infrastructure into different micro segments, or “subnets.” Each of these sub segments will have their own defense mechanisms. The bottom line is that Asymmetrical Cyberwarfare can also emerge from insider threats, especially if you have a rogue, third party employee, such as that of a contractor.
Overall, this article has examined what Asymmetric Cyberwarfare is, and some ways that you can protect your business. At the current time, the other best line of defense you can take is that of the “Zero Trust Framework,” in which absolutely nobody is trusted. Everybody has to be authenticated through at least three more layers of defenses. Find out more about the Zero Trust Framework in our latest blogs: An Introduction To The Zero Trust Framework and The Advantages Of The Zero Trust Framework.
Whether you’re responding to a data breach or performing an internal data collection, you need access to online data sources and every endpoint, no matter what operating system, where it is located, or if it is even connected to your network. Enter AD Enterprise: The first forensic solution to offer in-network collection, superior Mac Collection, off-network collection and cloud data source collection—all in one product. Feel confident in monitoring content, scanning your network for violations, investigating IP theft and tracking employee misconduct. Contact us to learn more.
About the author
Ravi Das is a business development specialist for the AST Cybersecurity Group, Inc., a leading cybersecurity content firm located in the Greater Chicago area. Ravi holds a Master of Science degree in agribusiness economics (thesis in international trade) and a Master of Business Administration in management information systems. Ravi has authored five books, with two more upcoming on artificial intelligence in cybersecurity and cybersecurity risk and its impact on cybersecurity insurance policies.