Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?
12 Aug 2025

A panel discussion at DEF CON 33 last week, titled “Adversaries at war: Tactics, technologies, and lessons from modern battlefields”, offered several thought-provoking points, as well as a clear takeaway: while digital tactics such as misinformation and influence campaigns are useful in modern conflict, they are not going to win a war. That’s because when bombs start dropping and the physical elements of war are under way, the misinformation spreading through digital channels becomes less important. Understandably, the victims of conflict and those displaced have more pressing priorities: food, shelter and staying alive.
When the conversation turned to whether a war could be won using cyberattacks and digital disruption, the panelists also agreed that cyberattacks create temporary damage, whereas a bomb landing on something is a more effective and lasting method of destruction.
The attacks against critical infrastructure in Ukraine likely confirm this: Russia-aligned actors have launched numerous cyberattacks against the country’s power grid, resulting in temporary disruptions, as systems can be rebuilt and made operational again in a relatively short period of time. Meanwhile, a bomb landing on a power facility is likely to cause long-term damage and limitation of service that could take months or years to restore. The big-picture conclusion in this part of the panel discussion is that a war can’t be won by cyber alone – it still needs to be won on the physical battlefield.
Cyber and physical security
The discussion then evolved to how cyber affects the physical. One panelist made a comment to the effect that “an army can’t fight if they have not been fed”. Put differently, a growing number of civilian contractors are being used to provide the logistics needed to operate an army, making the attack surface broader than it may seem.
The panel used Taco Bell as a fictional analogy. A hacker may claim they modified the water supply at Taco Bell, but on closer inspection it may just be that they’ve tampered with a restaurant’s water cooler, which might not be enough to affect its operations.
However, a cyberattack on Taco Bell’s supply chain could bring it to an operational stop. How? By stopping deliveries of produce to the restaurant. This dependency could be even more obscure: an attack on the companies that supply the meat used in tacos could potentially cause Taco Bell to cease operations due to a lack of ingredients for meals. The analogy holds true for the military: without food, the troops can’t fight or are, at best, limited.
What this means for your business
Moving beyond the panel discussion, this raises a critical question for businesses: do they truly understand their dependencies in order to be operationally resilient? Do they understand the dependency their customers have on them to ensure the continued operation of their own businesses?
Sticking with the Taco Bell analogy, imagine a cyberattack that takes away a key element the business needs to operate; for example, if the company relies on a supplier for taco seasoning, then a cyberattack against the supplier could affect Taco Bell’s ability to keep operating. This isn’t mere speculation – there are real-world examples of cyberattacks that have caused this kind of disruption. For example, the cyber-incident suffered by Change Healthcare, a health data processing firm, stopped medical services being provided across practices and hospitals.
Today, as far as I know, cybercriminals only extort payment from those they directly attack. But what if a cybercriminal decided to attack the third party and then demand an extortion payment from all the businesses that rely on that supplier? In my example, say the taco seasoning company is disrupted by ransomware, and while the cybercriminal could ask the seasoning company to pay a demand directly, they might actually gain more if they requested payment from all the companies reliant on the supplier’s product, as a lack of supply could cost them more than the supplier itself.
While this monetization strategy may seem speculative, there is an important point here: does your business truly understand its dependencies and how to mitigate the risk of attack on those it’s dependent on? A real-world example might be an attack on a catering company that’s contracted to feed patients in a hospital. If the ability to feed patients is disrupted due to a cyberattack, then the hospital may have to declare a major incident and close admissions to new patients. In this scenario, would the hospital pay an extortion demand that brings back catering supply?
The key takeaway from this panel session for me is this: we all need to map and fully understand the dependencies we rely on and ensure we have resilience where needed. If we can’t get to a point of resilience, then we at least need to understand the risk posed by the dependencies.

