
Navigating the Shadows: Strategies for Hybrid Warfare in a Digital Age


The Changing Landscape of Cybersecurity: A Look into Hybrid Warfare and Cloud Resilience

In late 2024, Amazon reported a staggering rise in cyberthreats: it now detects around 750 million intrusion attempts per day, up from roughly 100 million only months earlier. CJ Moses, Amazon's chief information security officer, shared the figures in an interview with the Wall Street Journal.

Moses, who previously investigated cybercrime for the FBI and the Air Force Office of Special Investigations, pointed to a growing concern among security experts: AI is expanding attack surfaces and creating new problems for security teams faster than they can absorb them.

Today’s cybersecurity risks go beyond traditional DDoS attacks and misconfigured S3 buckets. They now include threats such as subsea cable sabotage, identity system compromises, and geopolitically motivated infrastructure disruption, marking the rise of a new era known as hybrid warfare.

Hybrid warfare is not a theoretical concept. It is a present reality that governments cannot address alone; the private sector, which owns and operates most of the affected infrastructure, has to be part of the response. This shift is reshaping how security leaders in private industry approach resilience.

Every security team must now prepare for scenarios where the cloud infrastructure becomes inaccessible.

Targeting the Physical Backbone

Hybrid warfare combines cyberattacks, physical sabotage, disinformation, and economic coercion to disrupt or destabilize targets, including the infrastructure supporting cloud services.

Recent incidents underscore how exposed physical infrastructure is: the Flax Typhoon botnet, which infected over 260,000 internet-connected devices worldwide, and the sabotage of undersea cables between Estonia, Finland, and Sweden, attributed to Russia-linked actors. These events serve as real-world tests of resilience, exposing weaknesses in the systems that underpin global connectivity.


Other examples, such as Volt Typhoon's infiltration of critical infrastructure networks and the SolarWinds supply-chain attack, demonstrate the increasing sophistication and impact of state-sponsored sabotage and espionage campaigns.

Challenges in Cloud Resilience

Many organizations assume that the cloud's geographic redundancy makes it inherently resilient, yet most backup solutions still run on the same major providers (AWS, Azure, and GCP). The backups therefore live in the cloud as well, potentially beyond the organization's control and exposed to the same outage as the systems they are meant to protect.

In scenarios such as cable cuts or attacks on DNS, even multi-region failover strategies can become ineffective. Identity federation may break, SaaS logins may fail, and backups may become unreachable, leaving teams unable to recover vital data precisely when they need it.

Importance of Sovereign, Isolated Storage

Sovereign backup providers address this by keeping storage local, limiting cross-border data replication, minimizing reliance on the hyperscale clouds, and holding a complete copy of company data close to the organization. Even when DNS fails or cloud access is compromised, the organization retains local access to its critical data.

Regulatory frameworks such as DORA and NIS2 require organizations in critical sectors to demonstrate that they can recover from ICT disruptions, including disruptions originating with third-party providers, which makes sovereign, isolated storage a necessary best practice rather than an optional one.

Enhancing Resilience for Hybrid Warfare

Security teams must proactively prepare for scenarios where cloud services become inaccessible. Key steps to enhance resilience include:

  • Inventory mission-critical data: Identify essential data for operations and recovery, prioritizing based on risk.
  • Identify infrastructure dependencies: Understand which systems are hosted, federated, or rely on cloud services.
  • Map geopolitical exposure: Assess the hosting countries of providers, traffic routes, and control over data flows.
  • Simulate no-cloud conditions: Test scenarios where cloud services are unavailable to understand the impact on operations.
  • Test local recovery: Conduct drills assuming no cloud access to evaluate the effectiveness and efficiency of recovery workflows.
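The dependency mapping and no-cloud simulation above, and the failure cascade described earlier (DNS down, federation broken, backups unreachable), can be checked with a small dependency model rather than on a whiteboard. The block below is an added example, not code from the article or from Keepit. The inventory, provider names, hosting countries and dependency edges are constructed for illustration only; the interesting assumption is that the cloud backup is gated by federated identity, which is the trap the text warns about.

```python
"""Added example, not from the article: a small 'dark-cloud' dependency model.

The inventory, provider labels and country codes below are constructed for
illustration; they are assumptions, not a description of a real environment."""

# Constructed inventory: service -> (provider, hosting country, dependencies).
# "onprem" marks assets assumed to stay reachable when every cloud provider is dark.
INVENTORY = {
    "public-dns":           ("route53",   "US", []),
    "identity-federation":  ("entra-id",  "US", ["public-dns"]),
    "saas-ticketing":       ("saas",      "US", ["identity-federation"]),
    "db-prod-eu":           ("aws",       "IE", []),
    "app-prod-eu":          ("aws",       "IE", ["identity-federation", "public-dns", "db-prod-eu"]),
    "db-prod-us":           ("aws",       "US", []),
    "app-prod-us":          ("aws",       "US", ["identity-federation", "public-dns", "db-prod-us"]),
    "cloud-backup":         ("s3",        "US", ["identity-federation"]),   # assumed: SSO-gated
    "restore-runbook":      ("wiki-saas", "US", ["identity-federation"]),
    "local-ad":             ("onprem",    "DK", []),
    "local-backup":         ("onprem",    "DK", []),   # assumed: break-glass local credentials
    "recovery-workstation": ("onprem",    "DK", ["local-ad"]),
}

# Providers that disappear in the dark-cloud scenario (assumed set).
CLOUD_PROVIDERS = {"route53", "entra-id", "saas", "aws", "s3", "wiki-saas"}

# Backup sources a recovery could start from (assumed).
BACKUP_SOURCES = ["cloud-backup", "local-backup"]


def lint_inventory(inventory):
    """Inventory check: return (service, dependency) pairs whose dependency
    was never inventoried, so no dependency silently 'just works'."""
    return [(s, d) for s, (_, _, deps) in inventory.items()
            for d in deps if d not in inventory]


def exposure_by_country(inventory):
    """Geopolitical exposure: group services by the country they are hosted in."""
    out = {}
    for s, (_, country, _) in inventory.items():
        out.setdefault(country, []).append(s)
    return {c: sorted(v) for c, v in out.items()}


def propagate_outage(inventory, unreachable_providers):
    """No-cloud simulation: services on an unreachable provider go down first;
    anything depending on a down service (transitively) follows."""
    down = {s for s, (prov, _, _) in inventory.items() if prov in unreachable_providers}
    changed = True
    while changed:
        changed = False
        for s, (_, _, deps) in inventory.items():
            if s not in down and any(d in down for d in deps):
                down.add(s)
                changed = True
    return down


def transitive_deps(inventory, service):
    """All services `service` needs, directly or indirectly."""
    seen, stack = set(), [service]
    while stack:
        for d in inventory[stack.pop()][2]:
            if d not in seen:
                seen.add(d)
                stack.append(d)
    return seen


def needs_itself(inventory, backup, protected):
    """Recovery trap: a backup that cannot be used without the very service it is
    supposed to restore (e.g. cloud backup gated by federated identity) is not a path."""
    return protected in transitive_deps(inventory, backup)


def usable_backups(inventory, down, sources=BACKUP_SOURCES):
    """Backup sources still reachable under the simulated outage."""
    return [b for b in sources if b not in down]


if __name__ == "__main__":
    assert not lint_inventory(INVENTORY), lint_inventory(INVENTORY)
    print("hosting exposure:", exposure_by_country(INVENTORY))
    for name, providers in [("all cloud providers dark", CLOUD_PROVIDERS),
                            ("identity provider only", {"entra-id"}),
                            ("public DNS only", {"route53"})]:
        down = propagate_outage(INVENTORY, providers)
        print(f"{name}: {len(down)} services down, usable backups: "
              f"{usable_backups(INVENTORY, down)}")
    print("cloud-backup needs identity to restore identity:",
          needs_itself(INVENTORY, "cloud-backup", "identity-federation"))
```

Run against this constructed inventory, losing only the identity provider already takes the cloud backup and the restore runbook down with it, and `needs_itself` flags that the cloud backup cannot be used to rebuild the identity service it depends on. Only the on-premises copy survives every scenario, which is the property a local recovery drill should be verifying; a real exercise replaces the constructed inventory with one exported from the CMDB and the provider set with whatever the exercise declares unreachable.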

Preparing for a dark-cloud scenario is essential for security organizations to ensure operational continuity in the face of evolving threats. The true measure of resilience lies in a business’s ability to sustain operations even when traditional systems go offline.

Kim Larsen, Chief Information Security Officer at Keepit, brings over 20 years of IT and cybersecurity leadership experience from various sectors. With expertise in business-driven security, risk management, and security strategy development, Kim is a seasoned speaker, negotiator, and advisor on cyber and general security topics.

