Arm Your Defenses to Guard Against Nation State Attacks

Nation state attackers are on the hunt for the next vulnerable target. No longer satisfied with infiltrating government institutions or mining for sensitive military data, they are broadening their efforts to target industrial facilities and businesses with the intent to destabilize and disrupt organizations and their countries.

It’s scary to consider that more than 60 countries have developed or are developing cyberweapons for computer espionage and attacks. More terrifying still is that the more common cybercriminal is learning quickly from these “military-grade” cyberweapons, rapidly closing the gap between nation state attacks and other forms of cybercrime. And the impact is costly. The Ponemon Institute reports that cybercrime is costing organizations an average of $11.7 million, 23% more than last year. Adding to that, many predict the frequency and impact of nation state cyberattacks will grow, with greater coordination and devastation, such as an attack on a power grid during a blizzard or extreme cold conditions.

Lest you think your organization is already up to speed on threat defense, whether against nation states or other cybercriminals, the fact is that you can never be fully up to speed, because the game is constantly changing. Here are five practices to guard against expanding nation state attacks and the other cybercrimes they may influence:

  1. Tighten up Device Security: If asked, can you be confident you know every device running on your network and its patch state? IoT devices are notorious for less-than-optimal security controls. Make sure unvetted and unauthorized devices can’t copy data, regardless of how they connect to the network. Simplify device control by managing devices centrally and using a whitelist approach to pre-approve applications. Without compromising worker productivity, implement application access controls to prevent unauthorized executable code from entering the network and creating an unwanted path for a nation state or other cyberattack.
  2. Keep it Offline: Not every task or workload needs internet access. Reduce your attack surface by isolating workloads from the internet when access is not required. This further reduces the exposure of critical data to unauthorized access and helps defend against ‘man in the middle’ attacks, in which the attacker intervenes between two parties who believe they are communicating directly with each other. Spoofing financial details, so that a sender winds up paying a false bank account rather than the intended one, is one type of man in the middle attack. Similarly, there have been successful attacks hacking into corporate financial transactions.
  3. Be Always On: Nation state attackers are always prowling for the next target. You need to adopt the same always-on approach: risk mitigation strategies must be constantly reviewed and updated in accordance with new threats. You and your IT team need a well-defined workflow to support the implementation of security measures such as patching, application control and privilege management. These security activities need to be revisited periodically to make sure that 1) the controls identified are actually being executed and 2) the controls actually mitigate the identified threats. This continual surveillance should include deep visibility into traffic patterns across your network to alert you to denial of service threats, or the more insidious low-volume attacks, like stress tests.
  4. Who’s Your Vendor? There is a growing, and very justified, discussion in the security community around the need to be far more diligent in choosing and monitoring vendors and external service providers in the IT space. Organizations need to vet critical providers and any technology acquired from nations that pose a threat. The National Institute of Standards and Technology (NIST) is a useful resource to review for recommended restrictions on purchasing from certain suppliers or countries.
  5. Security is an All-Hands Dynamic: While IT and security teams are on the front lines against nation state and other cyberattacks, in reality security needs to be embraced by all employees. Quick containment of threats requires everyone to be alert to malicious activity, and an efficient reporting structure must be in place so IT can respond before the threat becomes a devastating data breach. This means IT and security working with HR and internal communications team members to keep everyone in the organization apprised of new threats and new defense tactics.
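To make practice 1 concrete, here is a small application-allowlisting policy engine written as an added example for this post; it is not Ivanti code or anything the author describes. It assumes a policy of pre-approved executable hashes and an inventory of approved device identifiers (both constructed here), and evaluates launch requests against them: an executable is approved by its SHA-256 digest rather than its file name, so a renamed binary copied in from an unvetted device is still denied, and a device that is not in the inventory is blocked regardless of what it tries to run.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "binaries". A real agent would hash the file on disk;
# short byte strings are used here so the example runs offline.
SAMPLE_BINARIES = {
    "payroll.exe": b"approved payroll client build 4.2",
    "updater.exe": b"approved patch agent build 1.9",
    "tool.exe": b"unvetted binary copied from a removable drive",
}


def sha256_hex(data: bytes) -> str:
    """Content hash used as the allowlist key (file names are easily spoofed)."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Policy:
    approved_hashes: frozenset  # SHA-256 digests of pre-approved applications
    approved_devices: frozenset  # device identifiers from the central inventory
    enforce: bool = True  # True = block unknowns; False = audit-only mode


@dataclass(frozen=True)
class LaunchRequest:
    host: str
    device_id: str  # hypothetical device serial reported by the endpoint agent
    path: str
    content: bytes


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(req: LaunchRequest, policy: Policy) -> Decision:
    """Decide whether an executable may run, device inventory checked first."""
    if req.device_id not in policy.approved_devices:
        return Decision(False, f"device {req.device_id} is not in the approved inventory")
    digest = sha256_hex(req.content)
    if digest in policy.approved_hashes:
        return Decision(True, f"{req.path} matches approved hash {digest[:12]}")
    if policy.enforce:
        return Decision(False, f"unknown executable {req.path} (sha256 {digest[:12]}) blocked")
    # Audit mode surfaces what enforcement would block without interrupting users.
    return Decision(True, f"audit: unknown executable {req.path} allowed and logged")


def build_policy(enforce: bool = True) -> Policy:
    """Constructed policy: two approved applications, two inventoried devices."""
    approved = frozenset(
        sha256_hex(SAMPLE_BINARIES[name]) for name in ("payroll.exe", "updater.exe")
    )
    return Policy(approved, frozenset({"WS-0001", "WS-0002"}), enforce)


def run_demo(enforce: bool = True) -> dict:
    """Evaluate constructed launch requests; returns {label: allowed}."""
    policy = build_policy(enforce)
    requests = {
        # Approved app on an inventoried workstation.
        "approved_app": LaunchRequest("ws1", "WS-0001", "C:/apps/payroll.exe",
                                      SAMPLE_BINARIES["payroll.exe"]),
        # Unknown binary renamed to look like the approved app: hash does not match.
        "renamed_unknown": LaunchRequest("ws2", "WS-0002", "C:/temp/payroll.exe",
                                         SAMPLE_BINARIES["tool.exe"]),
        # Approved app launched from a device missing from the inventory.
        "rogue_device": LaunchRequest("ws9", "UNKNOWN-77", "C:/apps/updater.exe",
                                      SAMPLE_BINARIES["updater.exe"]),
    }
    results = {}
    for label, req in requests.items():
        decision = evaluate(req, policy)
        print(f"{label:16} allowed={decision.allowed!s:5} {decision.reason}")
        results[label] = decision.allowed
    return results


if __name__ == "__main__":
    run_demo()
```

Run it as-is for enforcement mode, or call `run_demo(enforce=False)` to see the audit-only behaviour that is usually rolled out first so that legitimate but not-yet-approved applications are discovered before blocking starts.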

One Globe. Many Threats.

We know the lines are blurring between nation state attackers and the common cybercriminal. All are becoming more sophisticated, more devious and, as the numbers show, proving very effective at breaching data belonging to millions of individuals worldwide.

It won’t stop. However, being more ambitious in improving your organization’s security practices, taking a close look at your external providers, and employing tools such as patch management and application whitelisting, will help make you and your team tougher combatants in the cyber war.

Phil Richards

Phil Richards is the Chief Information Security Officer for Ivanti and an expert on issues related to ransomware, enterprise security and endpoint threats and patching. He also has deep subject expertise in IT risk management and regulatory compliance.