21st Century Chinese Cyberwarfare describes the Chinese military capability for waging war in the fifth sphere of military operations – land, sea, air, space and cyberspace – and US worries about a cyber Pearl Harbour echo themes of Western unpreparedness to defend itself against cyber attacks. Identifying Obama as the first cyberwar President adds to the excitement (as do memories of cyber attacks on government resources and critical national infrastructure in Estonia and Georgia) but helps obscure the real cyberthreats that should concern organisations today.
It’s important to distinguish between cyberwar – a state-against-state conflict in cyberspace, and something in which most organisations might reasonably expect their governments to take an overarching role – and trade wars, which are waged between organisations. While cyberwar is, at the moment, a low-likelihood risk for many countries (but not for all), trade war is a more potent, much more immediate risk. The fact that national security agencies aappear to be engaged in many industrial espionage activities does not remove the obligation from organisations to take all appropriate steps to protect themselves and their valuable intellectual property and business secrets against expropriation.
Then there is online crime. Criminals operate in parallel to normal businesses and see wars as opportunities to take advantage of. All organisations are at risk of criminal cyber attack – and cyber criminals do not discriminate between targets on the basis of size. All organisations, big and small, are at risk.
Cyber attack vectors, though, tend to be much the same in all three situations. This means that organisations can take steps to protect themselves against cyber attack, and make themselves simultaneously secure against cyber warriors, industrial agents and online criminals.
Why would you not want to do that?