Enable breadcrumbs token at /includes/pageheader.html.twig

An All-Teams Approach Is Key for Businesses Facing Cyber and Quantum Threats

Effective crisis management requires all-hands-on-deck, including those not involved with technology.

Sabastian Hague, head of defensive content at Hack The Box, speaks Friday at AFCEA's TechNet International in Brussels.

The next war may not look like what planners currently envisage, and the conflict may have already started.

Hybrid warfare by state-sponsored and nominally independent actors is one of the threats businesses and agencies face daily.

The war in Ukraine has proven that businesses have a central role in cyber warfare and may already be standing in the first line of defense.

Risks will intensify as quantum computing arrives.

“In plain terms, most digital communication can be eavesdropped and manipulated using a quantum computer. This will enable a new level of hybrid warfare. Most military systems, strategic and tactical, devices and networks, that use cryptography will be attacked,” said Burkhard Jour, sales director Europe at PQShield.

While incidents are expected to grow, one disadvantage for businesses is that they have a limited ability to drill procedures before an actual system breach happens.

“We deliver essentially practical scenarios, so it's a full live-attack scenario with an environment that we like to build with the customer,” said Sabastian Hague, head of defensive content at Hack The Box.

This means that all teams in a company face a controlled exercise with a high degree of realism.

Hague explained that part of client training is the technology side of an attack or leak, as well as public relations with other support teams.

One crucial organizational aspect when dealing with these scenarios is internal communication. Hague stressed that one of the key weaknesses observed among his clients is reporting among teams to allow readiness, for example, when the media finds out about the incident.

Hague shared his experience in one of these simulations with the audience at AFCEA's TechNet International on Friday in Brussels.

“The analysts didn't communicate with management, which meant communication plans were not put together, which means when we did our next text with an interview with a journalist, the comms manager—or comms officer—was not prepared with any statements, and essentially, we tore them apart in the interview,” Hague explained.

Another form of enhancing readiness is through crowd-sourcing.

“Instead of saying we're going to go ahead and spend 80 hours of time looking at a particular problem, we're now going to bring the crowd; we're going to invite people from the outside to look into what we are trying to protect,” said Kent Wilson, vice president of global public sector at Bugcrowd.

Kent Wilson, Bugcrowd, talks cyber vulnerability and security at AFCEA's TechNet International in Brussels.

Kent Wilson, Bugcrowd, discusses cyber vulnerabilities and security on Friday at TechNet International in Brussels.

Setting compensation levels for vulnerability detection, effectively changes the nature of defense of all organizations.

“A vulnerability is only worth what somebody will pay for it,” Wilson told the audience.

Depending on the type of weakness found, compensation varies, according to Wilson.

While quantum-resistant cryptography is mandatory in the United States, it is not in Europe, and as science inches closer to full development of this novel computing form, preparation should be implemented as early as possible, according to Jour.

Still, cybersecurity is a whole-organization issue, and all teams should be ready to deal with an incident, including those who will speak with stakeholders beyond the institution attacked.

TechNet International is a yearly event organized by AFCEA International, SIGNAL Media’s parent.