Emerging Cyber threats and possible solutions – UPSC GS3

What are Cyberthreats?
  • A cybersecurity threat is a malicious act such as a computer virus, a data breach, or a Denial of Service (DoS) attack.
  • A cyber threat damages data, steals data, or disrupts digital life in general.
  • Global Examples of Cyber Attacks:
    • The advent of the Stuxnet Worm in 2010 resulted in large-scale damage to Iran’s centrifuge capabilities.
    • In 2012, data on Saudi Aramco Oil Company computers was wiped out by Iranian operatives using malware.
    • The ransomware attack on Colonial Pipeline in 2021 was the largest cyberattack on oil infrastructure.
  • Indian Examples of Cyber Attacks:
    • In 2019, the data from an exam for the recruitment of police officers in India was hacked, resulting in a leak of sensitive information of all the participants.
    • In 2021, the famous pizza brand Domino's India experienced a huge leak of customer data.
    • In 2021, the records of over 10 crore users were leaked from the India-based digital payment company MobiKwik.
Concerns with Emerging Cyber Threats:
  • Wide Coverage: Cyber threats are likely to be among the concerns of both companies and governments across the globe.
  • Targeted Sectors: The most targeted sectors in the coming period are likely to be health care, education and research, communications, and governments.
  • Health-care ransomware: Ransomware attacks have led to longer stays in hospitals, apart from delays in procedures and tests, resulting in an increase in patient mortality.
  • Ransomware as a Service (RaaS): The emergence of ‘Ransomware as a Service’ (RaaS), a business model for ransomware developers, is no mere idle threat.
  • Work From Home: The huge security impact of working from home is likely to further accelerate the pace of cyberattacks.
  • Cloud Storage: The recent tendency to put everything on the cloud could backfire, causing many security holes, challenges, misconfigurations and outages.
  • Dark Web: The dark web is a subset of the deep web that can only be accessed by encryption software. The dark web is vulnerable to abuse by malicious actors as part of cyber threats.
  • Lack of Implementation: Many companies fail to realize that inadequate corporate protection and defence could have huge external costs for national security.
Way Forward:
  • To tackle the increasing cyber threats, preventive and reactive cyber security strategies are needed.
  • There is a need for clarity to ensure protection from all-encompassing cyber-attacks.
  • Every enterprise should incorporate Secure Access Service Edge (SASE) to reduce the risk of cyberattacks.
  • Cloud Access Security Broker (CASB) and Secure Web Gateway (SWG) are aimed at limiting the risks to users from web-based threats.
  • The Zero Trust Model and Micro Segmentation, as means to limit cyberattacks, can again be self-limiting.
  • Nations and institutions should actively prepare for cyberattacks by prioritizing the defence of data.
  • Law enforcement agencies would need to play a vital role in providing an effective defence against cyber-attacks.
  • There is a need to prioritize resilience through decentralized and dense networks, hybrid cloud structures, redundant applications and backup processes.
  • There is a need to prioritize building trust in systems and creating backup plans, including ‘strategic decisions about what should be online or digital and what needs to stay analogue or physical’.