The cyber age has brought incalculable advantages to modern life. The world is connected and accessible like never before. But like all technological advances, there is a dark side to this progress: Quite simply, the cyber age is revolutionizing warfare.

Whereas security threats were once visible and easily identifiable, today’s cyberthreats are invisible and anonymous. Where once warfare had clear rules and boundaries, modern cyber warfare is largely anarchic and without borders. As a result, governments and corporations alike are struggling to identify threats, let alone combat them effectively. This calls for an entirely new security discourse.

All’s Fair in Cyber Warfare

A brief glance at some of the most recent cyberattacks illustrates the scope of the task ahead. It appears French presidential candidate Emmanuel Macron’s campaign was targeted by a cyber espionage group recently. Late last year, the San Francisco transit system was disrupted by a ransomware attack, prompting concern over the safety of other U.S. transport networks. Additionally, half of U.K. businesses reportedly suffered a breach in 2016.

Enemies can seemingly strike anywhere at any time. This is not the work of a conventional army; it is usually the work of a small, dedicated group of fraudsters who wear no identifiable uniform. They are armed with everyday hardware, invisible codes and malware. And in the digital world, borders are irrelevant. A cybercriminal’s battleground knows no boundaries.

The difficulty of identifying a cyberattack is compounded by the rapid advances of malicious actors. As connectivity escalates between people, companies and organizations across the globe, fresh opportunities to launch attacks are opening up all the time. Technological developments are inevitably seized upon by enemies up to no good. In this regard, the growth of the Internet of Things (IoT) is set to make the challenge of cybersecurity even more complex.

Strategy and Intelligence Over Technology

Until now, the standard response to this increasing danger has been to match technology with technology — in other words, a cyber arms race. In this cat-and-mouse game, an evermore sophisticated arsenal is developed to counter the latest weapons being deployed. This amounts to applying an increasing number of Band-Aids to all manner of illnesses and infections. It is a piecemeal and inadequate response.

A fresh, more sustainable approach is required. This approach must be holistic, comprehensive and adaptable to the new nature of warfare. Most importantly, intelligence must play a meaningful role.

As a first step, determine exactly who constitutes an enemy in cyberspace. Given that anyone with a computer could theoretically be an attacker, it is critical to narrow down the possibilities. After all, even a colleague can become a threat — or at least an unwitting accomplice to a security event. In cyber warfare, it is often unclear who is friend and who is foe. A clear distinction based on an accurate intelligence assessment must be made between enemies, opponents and allies.

Since cyber warfare is so widespread and varied, it’s important to accept that not every attack can be repelled. Because there is no hermetic cyberdefense system, an intelligence evaluation is required to determine which attacks require an instant response. This means calculating critical interests and resolving to defend them, while at the same time being prepared to tolerate threats to lesser assets.

By doing so, government leaders and corporate managers can better understand the parameters to the cyber threats they face. They will then be able to clearly define what constitutes critical defense and set their security priorities accordingly. Consequently, they will be able to develop a workable cyberdefense strategy, establishing a critical and long-lasting mode of operation.

A War of Attrition

Of course, in today’s world, everything is interconnected. The individual process of establishing a holistic cyber strategy must be complimented by a wider legal and societal consideration of contemporary threats.

Legal systems need to define the lawful boundaries of cyber defense. Meanwhile, workers and network users must be educated and trained to spot the signs of a digital attack. In doing so, they can provide valuable help to the intelligence gathering process.

If governments and corporations seriously wish to win the cyber war, they must make a paradigm shift. Warfare is no longer a question of weaponry, but a matter of strategy. Only a sustainable, strategic approach, with intelligence at its core, can triumph. The alternative is an expensive, never-ending and, ultimately, futile battle against those who wish to cause harm.

Download the IBM X-Force research report: Weaponizing the Internet of Things

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today