How to Protect Your Business Against Cyberterrorism
Cyberterrorism can be roughly defined as the use of the internet for the purposes of conducting violent acts that threaten or result in significant bodily harm or loss of, under the premise of achieving ideological or political gains through the use of threats or intimidation. Alternatively, the U.S. Federal Bureau of Investigation or FBI defines cyberterrorism as “any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents”. Irrespective of how the concept is defined, what is generally agreed upon is that the goal of cyberterrorism is to inflict some level of physical harm upon another individual through the use of the internet.
What methods are used to conduct cyberterrorism?
Cyberterrorism attacks can be conducted by a variety of means and methods. What’s more, while the idea of cybercrime may elicit a mental image of an individual hacker acting alone, there have been various instances in which major businesses and corporations have been accused of engaging in cyberterrorism. To illustrate this point further, the U.S. Department of Justice or DOJ charged Chinese telecommunications equipment company Huawei with a variety of cyberterrorism crimes in 2019. These crimes ranged from bank fraud to obstruction of justice, as well as conspiracy to steal trade secrets. To this end, the attacks methods that cyberterrorists can employ include the following:
- Advanced persistent threat (APT) attacks- Advanced persistent threat or APT attacks utilize concentrated and sophisticated methods in order to gain network access and remain within said network for an extended and undetectable period of time, with the end goal of illegally stealing data. APT attacks are commonly used against businesses and organizations that possess high-value information, such as the financial and manufacturing industries, as well as national defense.
- Computer viruses, worms, and malware- Computer viruses, worms, and malware function by targeting information technology or IT control systems. After an IT control system has been illegally accessed, viruses, worms, and malware can subsequently be used to adversely affect power grids, utilities, transportation systems, and military and critical infrastructures by creating volatility and instability.
- Denial of service (DOS) attacks- Denial of service or DOS attacks function by preventing legitimate and authorized users from accessing a targeted computer system, device, or other forms of computer network resource. DOS attacks are commonly aimed at governments and various forms of critical infrastructure.
- Hacking- As one of the most commonly known forms of cybercrime, hackers function by gaining unauthorized access to a computer system or network with the intention of stealing critical data or information from a particular business, institution, organization, or government.
- Ransomware- Ransomware is a type of malware that is used to effectively hold information or data systems hostage until the victim of the attack pays a ransom to the perpetrator.
- Phishing- In a phishing attack, a cybercriminal will attempt to collect personal information or data from a targeted individual’s email account. The cybercriminal will then use this personal information or data to steal the individual’s identity or access their computer network. In many cases, a cybercriminal engaging in a phishing attack will present themselves as a legitimate person or source.
What can people do to protect themselves from cyberterrorism attacks?
As is the case with any cybercrime, the primary means that individuals can go about protecting themselves from cyberterrorism is through a combination of extensive cybersecurity measures and personal vigilance. In the context of a large-scale business or corporation, the employees within said entities can fight cyberterrorism by ensuring that all devices within their organization that make use of internet functionality are both secured properly and inaccessible through public networks. Companies can also develop comprehensive cybersecurity and IT policies for the purposes of protecting business and personal data. For example, IT professionals within a particular organization can implement two-factor and multi-factor authentication procedures, as well as limit access to sensitive information or data.
Moreover, when looking to prevent hacking and ransomware attacks, businesses and organizations can also make use of firewalls, antimalware, antivirus software, the implementation of continuous monitoring techniques and methods, and regular system backups to defend against such attacks. On a national level, The Department of Homeland Security or DHS coordinates with both private and public sector organizations to share information on potential cyberterrorism attacks and threats. Furthermore, on an international level, the U.S. along with 38 other countries around the world, participate in the Council of Europe’s Convention on Cybercrime, the first international treaty that seeks to address and fight computer and internet crime through the harmonization of international laws, improving investigative methods and techniques, and increasing cooperation between nations.
As the internet and online access have grown to become one of the most influential factors in the lives of millions of people worldwide in our current digital age, threats such as cyberterrorism are only sure to increase in the incoming years. As such, individuals and business professionals alike will have to take steps to ensure that they protect themselves from attacks that are perpetrated by cyberterrorists, as the adverse consequences that can result from such attacks can be tremendous. Additionally, international coordination through means such as the Council of Europe’s Convention on Cybercrime is extremely important, as all countries around the world are now connected through the internet in a manner that has never been seen before in human history.