Most cybercriminals want something from you like money, data, or access. You can negotiate with that. You can defend against that. But what do you do when the goal isn’t to steal from you but to destroy?
Terrorist groups are increasingly turning to cyberattacks not for financial gain, but for maximum psychological impact. They target symbols of stability like the systems people depend on to feel safe: power grids, communications systems, etc. Maybe that’s not you, but here’s the important thing most business miss: you don’t have to be the primary target for a cyber terrorist. You just have to be connected to one. That connection could be through a vendor relationship, a shared network, a government contract or any thread that can become the path in.
Traditionally, terrorist tactics have been lower-cost and easier to deploy, with the goal of maximum psychological impact rather than a military win. Highly visible, high-impact incidents such as bombings, armed assaults, vehicle attacks and kidnappings are prominent because they’re simpler to execute, yet are highly effective at creating fear, uncertainty, disruption and the sense that nowhere is safe.
However, although less developed than physical attacks, cyber-related actions have become an emerging tool for some terrorist groups. So far, activity has been kept to relatively low-level operations. But with tools and skills becoming more accessible, the scale and impact of cyber-enabled terrorism looks to increase quickly.
Guardian CEO Chuck Smith says, “Not every attacker wants your money. Some want chaos. Some want fear. Terror groups target public infrastructure and symbols of trust, disrupting communications and creating panic.
How are the terrorists evolving?
Depending on tools and skills, cyber-terrorism today looks like a series of stair steps:
At the lower end, non-state terrorist cyberattacks focus on visibility and disruption. This includes website defacements, social media hijacking for propaganda, and DDoS (Distributed Denial-of-Service – knocking websites or online services offline). These attacks generate headlines by taking temporary control of widely used systems.
Moving up, groups begin to target data and internal systems. This includes stealing and leaking sensitive information, doxxing individuals (publishing personal information), and using extortion tactics to pressure government entities or organizations. At a more advanced level, attackers may gain deeper access into networks to disrupt operations by deleting data and locking systems.
At the highest levels, cyber efforts shift back toward real-world impacts on a general population. This involves access and disruption of critical infrastructure such as power, water, or transportation systems. Even more complex scenarios could occur where a cyberattack is coordinated with a physical attack.
What you need to do right now
Start here:
Take the terrorist threat seriously. You may think a terrorist group wouldn’t want anything from your company. Maybe not, but think of the partners, companies and government agencies you deal with daily. Remember the Aspen Forest analogy, just like the Aspen trees, we’re all connected. Hurting one can send a widespread ripple through many.
Ensure backup protection. Keep secure backup copies of your data that terrorists cannot alter or lock. Maintain multiple copies of your data in different locations and formats so it can always be recovered. This is known as the “3-2-1-1 backup” strategy: 3 copies, 2 different storage types, 1 offsite, 1 immutable (an unalterable / unmodifiable copy).
Have a continuity and recovery plan. In case there is a disruption, define which parts of your business are most critical and how quickly they need to be back up and running. Regularly test your backups and your ability to restore data, systems, and business operations.
Monitor the Dark Web. Continuously check whether employee usernames and passwords have been exposed or sold online.
Go beyond traditional team training. Serious companies include ongoing gamified training and attack simulations. Employees should be able to spot the ways attackers try to trick them (social engineering and phishing scams).
Analyze your cybersecurity budget. Most companies spend too much on reactive defenses, and very little if any on proactive cybersecurity. Reactive comes into play once an attacker is already in your system. Proactive solutions identify and stop threats before they breach your perimeter.
Smith says that operational resilience, not just prevention, is the key to protecting your business from the repercussions of a cyber attack. He suggests preparing for outages, rehearsing your crisis communications, and backing up everything – think immutable copy.
The Guardian difference
Cybersecurity isn’t just defense. It’s also offense: prepare, predict and protect. At Guardian, we operate from the attacker’s perspective, continuously hunting for exposure, identifying gaps, and eliminating the paths threats rely on before they’re used against you. We actively look for what’s exposed instead of simply waiting on alerts. And we monitor and test continuously to make sure you’re protected. Tools alone aren’t enough. Our experienced team protects your environment and proves that it’s working, so you can make decisions with confidence, not assumptions.