In an environment where digital systems play an essential role in everything from supply chain management to national defense strategies, cyber warfare has emerged as the new main arena of conflict. Recent research observes that state and non-state actors alike have begun to incorporate their offensive and defensive cyber warfare capabilities into their respective military and political strategies. 

The low barriers to entry and the inability to track the source of an attack have given small countries and even loosely defined hacking syndicates the power to take on the big powers of the world. Disruptive attacks such as the supply chain attack on SolarWinds, the ransomware attack on the Colonial Pipeline and the Microsoft Exchange server attacks highlight the close link between the stability of the business environment and the geopolitical situation.

The Evolving Digital Battlefield 

Cyber warfare encompasses a broad range of activities from DDoS attacks to sophisticated spying and sabotage operations. It is conducted by military forces, spy agencies, private contractors and hacktivists for different reasons.

The new age of warfare is fought over government networks, business logistics, cloud services and industrial controls. The NotPetya attack is a classic example of a cyberattack that started as a ransomware attack by a Russian actor against Ukrainian companies but soon went global, causing damages of about $10 billion, while Maersk wrote off $300 million of its assets. 

AI, Quantum Computing and the Speed of Conflict 

AI is accelerating the speed of both offensive and defensive cyber warfare. The National Cyber Threat Assessment report by Canada highlights how generative AI technology is making the job of cybercriminals and nation-state actors much easier by automating the process of cyberattacks. These attacks are being carried out through the use of large language models. Quantum technology is still in the development stage. However, experts are of the opinion that it will be able to crack the present encryption technology. 

Hence, the need of the hour is to start planning for the next-gen encryption technology before the enemy gets a chance to exploit the vulnerability. Segun Onibalusi, CEO of Detutu Media, emphasizes the need to be proactive about the next cyber warfare. He says: “The same technology that enables innovation will also empower our adversaries. To thrive in the next cyber warfare, we need to build resilience into all aspects of our businesses.” He adds: “The lines between productive technology and destructive technology are blurring.” 

State Adversaries, Hacktivists and a Shifting Threat Landscape 

The nation-state is developing sophisticated cyber warfare capabilities. The Canadian Cyber Centre points out that the most popular cloud services from Amazon, Microsoft and Google are the main targets for nation-state actors who wish to engage in data theft or service degradation. These actors are getting closer to the edge by taking advantage of router, firewall and VPN vulnerabilities to go around security measures. Then they are using living off the land techniques with legitimate software to remain undetected. 

The involvement of non-state actors adds a new dimension to the complexity of cyber warfare. For instance, the increasing activities of hacktivists with geopolitical motivations have become a cause for worry. These are groups of cyberattackers who are often backed by a nation-state. Their operations have increased in the recent past. 

The Cyber Centre points out that the ongoing Russia-Ukraine conflict and the 2023 Israel-Hamas conflict have seen a rise in DDoS attacks, website defacements and data breaches. These groups often attack critical infrastructure, such as a city’s water supply. This means that businesses need to be aware that the ideological battles of hacktivists are likely to spill over into the corporate arena without any warning. 

Business Stability, Economic Impacts and Cascading Disruptions 

The economic cost of cyber warfare is already significant. In addition to ransom, data theft and system outages, the ongoing attacks are causing people to lose faith in online commerce and finance. Intellectual property theft through cyber espionage is a significant problem, as it damages a company’s competitive advantage. The NotPetya outbreak was a global problem caused by a cyberattack sponsored by a foreign government in another country. 

In addition to that, cyber warfare also impacts society and psychology because big attacks on infrastructure lead to social unrest. Disinformation campaigns use societal divisions and influence public opinion. A case example is the controversies that surrounded the 2016 US elections. From the national security perspective, attacking critical infrastructure could lead to war if the adversary misinterprets the attacks. Therefore, for international businesses, it means more regulations and compliance, as well as liabilities. 

Supply Chain Fragility and Dominant Vendor Risks 

Today’s businesses rely on a handful of technology companies for cloud services, productivity and communication. The Cyber Centre points out that the risk of a system failure is significant, as a cyber incident against a leading provider of a service can affect the entire industry. The threat actors are attacking large cloud services. 

For instance, in 2023, a People’s Republic of China-affiliated threat actor compromised Microsoft’s cloud email service. In 2024, a DDoS event briefly affected parts of the Azure cloud services. These are examples of even the most powerful technology companies acting as single points of failure. 

Another risk is that of technology services that are used by both the military and the civilian population. The Cyber Centre points out that state-sponsored actors have been attacking commercial satellite services, causing outages that affect both the military and the civilian population. 

Building Resilience: Strategies for Security Leaders 

To address the growing cyberthreats, it is recommended that the organization use a proactive and multi-layered approach. The main priorities include: 

• Zero-Trust and Secure Design: Do not trust anyone or anything. Use continuous monitoring to detect unusual behavior. 

• Threat Intelligence and Behavior Analytics: Know the tricks of the attackers. AI helps in the detection of threats. Human intervention is also important to avoid false alarms. 

• Supply Chain Due Diligence: Conduct thorough checks on the suppliers. Diversify the supply chain and have alternatives in case of supplier failure. 

• Security-Oriented Culture: Regular training is important. With the use of AI, phishing emails will become more sophisticated. Therefore, it is important to educate the employees. 

• Cross-Sector Collaboration: Cyber warfare is an international concern. Therefore, the government and various sectors must collaborate. 

The board of the company should consider it an important strategic concern and fund it as such. This includes engaging in policy discussions on the new regulations and the use of AI. Business leaders should also support independent journalism and education on the topic of disinformation. This could be done by connecting to Detutu Media and learning from the various articles they post on their website regarding technology and how it impacts society. 

Conclusion 

Cyber warfare has evolved from an obscure strategy to an important concern in the global risk landscape. With the advent of AI and quantum computing technology, the speed and accuracy of cyberattacks have increased manifold. On the other hand, state and ideological actors have also become major obstacles in tracing and controlling cyberattacks. 

The NotPetya and SolarWinds attacks have already demonstrated the power of digital conflicts to disrupt the world supply chain and destabilize the corporate world. The technology sector is already concentrated and heavily focused on dual-use services. 

What’s the way forward for security leaders? The way forward is learning and adapting.

Resilience needs to be built into the organization. The future will be marked by the speed of technology and the geopolitical landscape. Those who learn and adapt today will be better positioned to serve their customers, shareholders and society.