State-Sponsored Attacks and What They Mean for Your Business
State-sponsored attacks (SSA) are carried out by cyber criminals directly linked to a nation-state. Their goals are threefold: identify and exploit national infrastructure vulnerabilities, gather intelligence, and exploit systems and people for money.
One might think that nation-states would leave businesses alone and simply attack each other; however, directly hacking a government or military system is significantly more difficult, requires more resources, and, if detected, could be treated as an act of war.
Therefore, the unlucky party caught in the middle is the poorly defended business that can serve as a port of entry for SSA to gain a foothold in the target country. Not all businesses need worry, but the following should treat SSA as a serious potential threat:
- Public services and utilities
- Companies with active government contracts
- Local government entities
- High-value companies
- Businesses known to handle sensitive information
- Organizations that could be severely impacted by IT downtime
- Businesses with offices or operations in a potentially volatile region
These organizations in particular must prepare themselves for the possibility of a highly sophisticated, targeted, and well-funded attack. First, the fundamentals should be in place. These include antivirus, patch management, encryption, backups, a disaster recovery plan, and the like.
Second, security awareness should be embedded in the company culture. This can be accomplished by performing regular phishing assessments and social engineering training. The fewer human vulnerabilities, the fewer entry points into your systems.
Third, critical IT systems and sensitive data stores should be isolated from the Internet and the general intranet. This added layer of security makes it considerably more difficult for attackers to steal information or disrupt operations.
Fourth, evaluate your technology supply chain for vulnerabilities in current hardware and software. Conducting an audit will provide insight into potential backdoors for malicious actors. It isn’t paranoia; it’s risk management.
Fifth, stay active in the community (see CISA.gov for examples) to learn about relevant threats. Likewise, share what you know and help build a stronger culture of industry awareness.
And sixth, secure communication channels. Whether voice, video, email, or text, having at least one fully secure channel you can rely on is critical to prevent outside monitoring.
While not everyone will fall under the malicious gaze of SSA, some inevitably will, and they’ll pay dearly for lax security measures and for believing “it won’t happen to me.” To spare your organization from espionage, intellectual property theft, and politically motivated attacks, stay abreast of new threats, maintain basic security measures, segregate important systems and data, and integrate security awareness into your company culture.