- Companies think about cyberspace in the wrong way, failing to treat it like the "live-fire, combat environment" it is, said Dr. Chase Cunningham, principal analyst at Forrester, speaking at a Forrester event in National Harbor, Maryland Thursday.
- "This is where things get very unfair," said Cunningham. Individuals are often alone against bad actors who don't need training to be dangerous. Cyberspace today has no rules of engagement and it "doesn't require [bad actors] to know what they're doing."
- Instead of sophisticated nation state actors carrying out attacks, they are likely run-of-the-mill cybercriminals, buying and selling services on the dark web, according to Wendi Whitmore, VP of X-Force Threat Intelligence at IBM, while speaking at the event. The dark web is the third largest economy in the world.
The Department of Defense declared cyberspace a warfighting domain about a decade ago and the frequency at which individuals are using cyber weapons is increasing.
Destructive malware attacks have increased 200% year-over-year, according to Whitmore. On average, destructive malware attacks can destroy up to 12,000 systems which requires a rebuild, spiking costs up to about $239 million per attack, according to IBM X-Force research.
Destructive malware combines the intention of stealing data and the act of destroying it or the infrastructure it was stolen from. It's often used in retaliation during a ransomware attack when a victim refuses to pay a ransom.
Destructive malware is easy to buy and sell on the dark web, according to Whitmore. There are about 6,300 dark web bazaars selling some variant of ransomware with prices ranging from 50 cents to $3,000.
Anyone with an appetite for destruction — or at the very least, malicious curiosities — has the ability to cost an entity millions of dollars. "Stop thinking about cyberspace as just a place where you use the internet. You're actively engaged in combat," said Cunningham.
In their outside of work lives, employees interact with platforms dripping in criminal activity. Facebook has publicized hacker groups with algorithms intended to identify "scofflaws."
Because Facebook is a consumer-facing tool, blatant malicious activity proves the ease of access hackers have to cyber warfare. "Every person on the planet can pick up a weapon," said Cunningham.