Why we are losing the Cyberwar

Luis Alfonso Rodríguez de Trío
6 min read · Jun 13, 2023

“If the arrows of the Medes obscure the sun, we will battle them in the shade.”
Dienekes The Unbroken, Spartan homoiós

Leonidas, King of The Lakedamonians — Sparta

Sometimes, cyber defenders are romantically portrayed as warriors. If I had to choose such an image for myself, I would undoubtedly select that of a Spartan. This choice isn’t just influenced by my childhood readings but also because the comparison seems strikingly appropriate. Being on the First Line of Defence today feels akin to standing with the 300 Spartans at Thermopylae. We represent the thin red line safeguarding business-critical functions, business continuity, critical infrastructure, data privacy, and access to services and natural resources against a malevolent force. We usually are outnumbered and outgunned, but we must hold the line because the Freedom of the Hellenes depends on us.

A decade ago, the prevailing sentiment was that cyber insecurity represented the primary risk in the Information and Communications Technology (ICT) sector. Five years ago, awareness grew that it was, in fact, the principal business risk. In 2023, the Davos World Economic Forum elevated cyber insecurity to the list of Global Systemic Risks. Furthermore, it warned of a high likelihood of a “far-reaching, catastrophic cybersecurity incident” with systemic impact within the next two years. So, finally, it seems we are getting the picture right.

The adversary: a multitude of Threat Actors

With a projected aggregate value of $10.5 trillion USD by 2025, cybercrime has risen to become the world’s third-largest economy. This faceless, multinational, and stealthy foe has orchestrated the most significant transfer of wealth in human history. The wealth being siphoned off belongs to us — it originates from our businesses, our savings, and our taxes. It preys upon our privacy, digital identities, corporate reputations, and trade secrets. It jeopardizes our access to essential services, ranging from hailing an Uber to ensuring safe drinking water.

Cybercrime has rendered traditional transnational criminal enterprises — such as drug smuggling, human and organ trafficking, money laundering, and counterfeiting — less profitable in comparison. The dark web, acting as a marketplace for cyberattack services, is approximately 5,000 times larger than the indexable web and grows at a scale that defies quantification. New cyberattack offerings pop up every other day, adding to the traditional RaaS and MaaS a new constellation of terrifying acronyms such as DFaaS (Deep Fakes as a Service) or VCaaS (Voice Cloning as a Service). These “services” leverage the adversarial use of AI, eroding the very concept of authenticity and identity. And remember, since we all are, one way or another, in the Cloud (and sometimes for no reason), the mantra “Identity is the New Perimeter” takes on an unsettling twist, making one yearn for the security of the old perimeter.

The Ecosystem of Cybercrime-as-a-Service: Lowering Barriers for Threat Actors

The emergence of Cybercrime-as-a-Service has dramatically shortened the learning curve for threat actors. Skiddies can now, in the blink of an eye, ascend to the rank of ninja hacker masters.

Adding insult to injury, “hackentrepreneurs” (yep, I’ve made that one up) have developed for their nefarious wares a level of service sophistication that many legitimate SaaS providers could stand to emulate. Their hacker customers get access to user-friendly interfaces, well-designed dashboards for rent-as-you-hack Command and Control (C2) servers, a curated selection of payloads (staged, of course), templates for ransom notes and phishing emails with malicious attachments, and even a five-star customer support line. The whole nine yards of MITRE’s Tactics, Techniques, and Procedures (TTPs) readily available at Mallory’s fingertips. All one needs to add is a list of exfiltrated corporate emails — which can often be acquired for free — to turn potential targets into victims of a ransomware-for-hire scheme. The last time I checked, all these services were available for a mere $500 USD per month (special offer!), plus a reasonable cut of any ransom profits, facilitated by an integrated Bitcoin payment gateway (why not!).

Beyond Extraction: The Full-Scale Economy of Cybercrime

As it turns out, the so-called “Evil Empire” is more than just an extractive economy; it’s also a production and services economy. Add cryptocurrency theft, shady FTXs, and black markets to the equation, and what emerges is a fully-fledged financial ecosystem.

The Asymmetry of Cyberdefense: An Uphill Battle Every Day

By its very nature, cyberdefense is a form of asymmetric warfare. While Mallory only needs to succeed once, we as cyberdefenders must be infallible every single day. And the battlefield grows increasingly uneven. Our adversaries are highly motivated, well-resourced, and technologically advanced. Unlike us, they are unconstrained by regulations and largely unaccountable for their actions. The trends are clear: regardless of the type of cyberattack you examine, all indicators point to increasing frequency, complexity, and impact. The alarming pace of retooling, combined with a disconcertingly growing range and variability of attacks, further tilts the scales in favor of the attackers.

The Changing Face of Victimology: No One is Safe

The utility of victimology in the realm of cyberintelligence is diminishing. The majority of attacks are increasingly targeted, thanks to the enhanced capabilities and resources available to adversaries. What’s even more concerning is the noticeable shift in motivations — from purely financial aims to intentional disruption. Traditional ransomware attacks are evolving into campaigns of wanton destruction; looting is giving way to indiscriminate harm. The message is clear: cybercriminals aim not only to steal from you but to harm you as well. We are not winning.

Are We Really Losing the Cyberwar? Holding the Line and Turning the Tide

While it may appear that we’re on the back foot in this ever-evolving cyber landscape, it’s crucial to recognize that holding the line is, in itself, a form of victory. While maintaining a strong defensive posture is essential, I argue that it’s time to go beyond merely holding the line. In a domain as dynamic as cybersecurity, the notion of defense must evolve to include proactive, even aggressive, measures (within the bounds of the Rule of Law). Deceptive technology — such as honeypots, traps, and fake endpoints — can lure adversaries into revealing their tactics, techniques, and procedures (TTPs). Similarly, offensive cyber defense actions — such as active honeypots and counter-exploitation — can neutralize, deter or disrupt cyber threats before they breach our walls. We need to punch back.

Yet, to truly turn the tide, we must mobilize every resource at our disposal. In this relentless cyberwar, maintaining our defenses is not just about survival — it’s the first step toward reclaiming the cyberspace.

  • This is the first of a multi-post series. Read the second post: “Other challenges to brew the Perfect Storm: Rate of Change”.
  • A quick clarification (Navigating the Cybersecurity Lexicon): Meet Mallory, Alice, Bob, and Dennis. In my years of teaching cybersecurity, I found that simplifying complex concepts through relatable terminology can be highly effective. So I created (or copied from my forebears) some characters to help elucidate the nuances of cyber interactions. Meet Alice and Bob — our digital everyman and everywoman, respectively. They represent two points in a secure communication channel. Serving as the go-between for Alice and Bob is Dennis, the DNS server that facilitates their online rendezvous. But not all characters in this digital drama have good intentions. Enter Mallory — the personification of the cybercriminal, ever lurking in the virtual shadows. This ensemble helps to humanize what can often be an intimidating subject, making it easier for students and readers to grasp the inherent challenges in securing a digital landscape. When I talk about an attack from “Mallory,” we’re discussing threats from cybercriminals — actors who need only succeed once to claim a win, while we, the cyberdefenders, must remain vigilant every single moment.

Luis Alfonso Rodríguez de Trío

Internal Audit Tech & Cybersec / Senior Cybersecurity Leadership / IT Director. MBA, CCISO, CISM, CEH, CHFI, ECIH, Security +, ECI.