Thirty years ago, the Cold War threatened to spill over from high-level espionage into full-blown warfare between the world’s two great superpowers. But there could be a new conflict on the horizon.

Nature recently highlighted “The Darkening Web,” a new book by Alexander Klimburg, program director at The Hague Centre for Strategic Studies, which argued there’s an impending clash between forces of the free internet and nation-states that prefer complete cyber control. This has resulted in new challenges for enterprises already tackling concerns over cloud security and data protection. How can companies win day-to-day digital battles and survive the war?

Cold Comfort

What does this new battlefield look like? In many respects the goals haven’t changed: Nations still want to uncover the potentially damaging secrets of other states, while hacktivist groups look to expose what they consider flaws in digital asset management or the oppression of digital freedoms.

What sets this new cold war apart is the sheer number of actors, with the democratization of technology making it possible for smaller nations, loosely associated groups and even individual cybercriminals to compromise critical data. Tactics have also evolved. The era of James Bond-like espionage and trickery has passed, replaced by reconnaissance at a distance and the use of open source code vulnerabilities to spy on corporate or countrywide activities.

The Innovation Issue

For enterprises, the conflux of emerging tensions and cloud security creates a tough-to-manage front line. How can corporations ensure that forward-facing cloud technology isn’t at risk of cybercrime, especially for companies acting as partner agencies or third-party providers for government organizations?

The nature of cloud and other emerging technologies creates a critical issue: innovation. Consider the rise of Internet of Things (IoT) devices. While always-connected cameras, printers and sensors offer massive business value, the drive for first-to-market status often means that basic security hygiene is overlooked in favor of speed and functionality.

Open source code is another growing problem, since companies don’t have the time or budget to create new code from scratch every time they design a new app or install a new device. This can result in vulnerabilities such as Devil’s Ivy, which stems from a flaw in the open source gSOAP code that is widely used in physical security products. A simple buffer overflow attack allows fraudsters to take total control of IoT devices.

The bottom line is that both malicious actors and corporate security professionals see the potential in cloud computing. Innovation at speed offers massive opportunities to streamline business, but it also leaves organizations exposed to threats.

A Helping Hack

The strategy for winning battles and beating the cyber cold war is two-fold: start hacking and start sharing.

The number of security experts pales in comparison to the number of cybercriminals worldwide. Add in the growing cybersecurity skills gap, and it’s no surprise that enterprises find it impossible to fully defend cloud-based architecture. Businesses need to invest in events, tools and training to break their own systems and discover vulnerabilities before they’re made public by hacktivists or quietly exploited by nation-state actors. This might take the form of a bug bounty program or hacking competition. Companies could also leverage a third-party agency to kick down digital doors and see where corporate defenses are weak.

The other half of the strategy is talking the talk. Too many companies prefer to keep possible hacks, cloud concerns and open source vulnerabilities a secret for fear of accidentally leaking critical information. The problem with this approach is that purposeful exploitation of these weaknesses puts enterprises in a far worse position than the controlled release of information with the intention of finding actionable results.

Consider the current situation in Europe: The Independent noted that losing access to European Union (EU) intelligence data thanks to Brexit will make U.K. citizens “less safe.” Cybersecurity sharing alliances are beginning to emerge and government agencies recognize the need to protect companies that are willing to share this information — but it’s slow going.

The Battle for Cloud Security

There’s a new cold war brewing. Threat actors are using digital disinformation and corporate vulnerabilities to collect valuable data and put critical services at risk. Made bolder by the changing nature of cloud security, cybercriminals are no longer tied to nations, creeds or even high-minded ideals — some are simply interested in testing their skills or demonstrating the flaws of new technologies.

While it’s not possible for enterprises to triumph in every digital dust-up, long-term success is on the table with a focus on discovering inherent flaws and sharing data with like-minded allies.

More from Cloud Security

How Posture Management Prevents Catastrophic Cloud Breaches

We've all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration. Many big cloud security catastrophes often result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall. Could a proper configuration have prevented that breach?…

How to Implement Cloud Identity and Access Governance

Creating identity and access governance across cloud environments is crucial for modern organizations. In our previous post, we discussed how important human and non-human identities are for these environments and why their management and the governance of their access can be difficult. In the face of these challenges, our cloud identity and access governance (CIAG) approach offers an orchestration layer between cloud identity and access management (IAM) and enterprise IAM, as the following graphic shows. As we continue our CIAG…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Why Are Cloud Misconfigurations Still a Major Issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe. With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And…