August 11, 2017 By Douglas Bonderud 3 min read

Thirty years ago, the Cold War threatened to spill over from high-level espionage into full-blown warfare between the world’s two great superpowers. But there could be a new conflict on the horizon.

Nature recently highlighted “The Darkening Web,” a new book by Alexander Klimburg, program director at The Hague Centre for Strategic Studies, which argued there’s an impending clash between forces of the free internet and nation-states that prefer complete cyber control. This has resulted in new challenges for enterprises already tackling concerns over cloud security and data protection. How can companies win day-to-day digital battles and survive the war?

Cold Comfort

What does this new battlefield look like? In many respects the goals haven’t changed: Nations still want to uncover the potentially damaging secrets of other states, while hacktivist groups look to expose what they consider flaws in digital asset management or the oppression of digital freedoms.

What sets this new cold war apart is the sheer number of actors, with the democratization of technology making it possible for smaller nations, loosely associated groups and even individual cybercriminals to compromise critical data. Tactics have also evolved. The era of James Bond-like espionage and trickery has passed, replaced by reconnaissance at a distance and the use of open source code vulnerabilities to spy on corporate or countrywide activities.

The Innovation Issue

For enterprises, the conflux of emerging tensions and cloud security creates a tough-to-manage front line. How can corporations ensure that forward-facing cloud technology isn’t at risk of cybercrime, especially for companies acting as partner agencies or third-party providers for government organizations?

The nature of cloud and other emerging technologies creates a critical issue: innovation. Consider the rise of Internet of Things (IoT) devices. While always-connected cameras, printers and sensors offer massive business value, the drive for first-to-market status often means that basic security hygiene is overlooked in favor of speed and functionality.

Open source code is another growing problem, since companies don’t have the time or budget to create new code from scratch every time they design a new app or install a new device. This can result in vulnerabilities such as Devil’s Ivy, which stems from a flaw in the open source gSOAP code that is widely used in physical security products. A simple buffer overflow attack allows fraudsters to take total control of IoT devices.

The bottom line is that both malicious actors and corporate security professionals see the potential in cloud computing. Innovation at speed offers massive opportunities to streamline business, but it also leaves organizations exposed to threats.

A Helping Hack

The strategy for winning battles and beating the cyber cold war is two-fold: start hacking and start sharing.

The number of security experts pales in comparison to the number of cybercriminals worldwide. Add in the growing cybersecurity skills gap, and it’s no surprise that enterprises find it impossible to fully defend cloud-based architecture. Businesses need to invest in events, tools and training to break their own systems and discover vulnerabilities before they’re made public by hacktivists or quietly exploited by nation-state actors. This might take the form of a bug bounty program or hacking competition. Companies could also leverage a third-party agency to kick down digital doors and see where corporate defenses are weak.

The other half of the strategy is talking the talk. Too many companies prefer to keep possible hacks, cloud concerns and open source vulnerabilities a secret for fear of accidentally leaking critical information. The problem with this approach is that purposeful exploitation of these weaknesses puts enterprises in a far worse position than the controlled release of information with the intention of finding actionable results.

Consider the current situation in Europe: The Independent noted that losing access to European Union (EU) intelligence data thanks to Brexit will make U.K. citizens “less safe.” Cybersecurity sharing alliances are beginning to emerge and government agencies recognize the need to protect companies that are willing to share this information — but it’s slow going.

The Battle for Cloud Security

There’s a new cold war brewing. Threat actors are using digital disinformation and corporate vulnerabilities to collect valuable data and put critical services at risk. Made bolder by the changing nature of cloud security, cybercriminals are no longer tied to nations, creeds or even high-minded ideals — some are simply interested in testing their skills or demonstrating the flaws of new technologies.

While it’s not possible for enterprises to triumph in every digital dust-up, long-term success is on the table with a focus on discovering inherent flaws and sharing data with like-minded allies.

More from Cloud Security

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today