For many years, nation-states have used private organizations of all sizes as part of their standard operating procedures. Most large companies are aware of this. However, if you are a security expert in a small and medium-sized business, you might think: “I know I need to protect my company from cyber threats, but from nation-state threats? Really?”
Yes really. Imagine if you work in one of the following organizations:
- Law firms representing dissidents, defectors, or specific groups of people that may be of concern to a nation-state. Or a marketing or advertising company dedicated to undermining the stance of the nation-state. In these situations, the opportunity to obtain information that may be useful to a country’s anti-people or ideal movement is enough to allow threat actors to penetrate your network and systems.
- A small biotechnology company with valuable intellectual property (IP) on a new life-saving drug. Stealing this intellectual property to preemptively produce the drug and bring you to the market may bring huge rewards.
- Companies in the oil and gas, energy, construction or manufacturing industries are bidding for a lucrative job. It is well worth it to break in to see your bid and lower it to win the contract.
Bottom line: If the goal of a particular nation-state and the information they need to achieve that goal are consistent with what you have that can help them, then you are an interesting goal.
Private organizations are beginning to realize that this has happened for many years. The results of their R&D project a few years ago are now appearing in other countries due to the theft of intellectual property rights. Unfortunately, they cannot turn back the clock, but they can implement solutions now to protect their precious digital assets and processes and protect the future.
For others, SolarWinds supply chain attacks are their wake-up call. No company, no matter how large or small it is, is not immune. Nation-states are focused on their ultimate goal, and if they fail to reach the ultimate goal, they may use smaller companies as stepping stones. Therefore, all companies in the supply chain must protect themselves from known and new attacks and be able to detect and respond quickly.
But here is one important thing to know: Just because you may be the target of a nation-state does not mean that you are dealing with the complexity of James Bond and the network equivalent of fighter jets. It may just send a basic lock opener to do the job. Unless it targets government agencies and government contractors, in most cases, nation-state threat actors usually operate like spammers—modifying previous exploits, creating target lists, and launching a campaign focused on economies of scale .
Arm yourself against your opponent
Without a large budget and time-consuming security technology deployment, the risk of attacks can be effectively reduced. What it needs is to understand what you might be interested in, what might be targeted at you, and the internal and external resources that can be used to enhance defense capabilities. You can then invest wisely to protect yourself, your customers, intellectual property, and income streams from nation-state actors.
Here are some tips to help.
Inventory of high-value assets
Know where the jewels in your crown are stored, including IP, customer files, and personally identifiable information (PII). Understand how and with whom this important data is shared inside and outside the company.
Know your enemy
Understand the attacker’s motives and their strategies, techniques and procedures (TTP). Subscribe to the correct external threat intelligence sources and consult the internal circle of trusted industry colleagues for the latest situation.
Implement good cyber hygiene
Back to basics, including strengthening passwords and implementing multi-factor authentication (MFA) as much as possible. Be vigilant when training your employees to think before clicking. Hover your mouse over the links to see if they are similar to legitimate addresses, pay attention to spelling and grammatical errors and general greetings that may indicate malicious emails, and click in the email or attachment only if you confirm that the sender is legitimate the link to.
Update applications and systems
Unpatched software and systems are still one of the main reasons why companies encounter intrusions. Keep up to date with the most relevant updates by prioritizing patching based on threat intelligence.
Identify and close protection gaps
Whether you have your own security operations center (SOC) or work with MSSP, make sure you have basic security protection measures, including firewalls, intrusion prevention and detection, antivirus, email and web gateways, and endpoint detection and response ( EDR)). Based on your knowledge of the adversary, introduce new technologies where necessary, so that you can strengthen your defenses against emerging attacks.
Assess incident response capabilities
Make sure that you have a strong relationship with an incident response (IR) service company and that their IR plan is up-to-date, tested, and gives you confidence that you can respond effectively in the event of an attack.
So, back to our question: James Bond or Mr. Bean-who are you facing? The answer is probably Mr. Bean. The good news is that you do not need to carry heavy artillery. But you do need to ensure that you take the appropriate level of action now and begin to reduce the risk of nation-state attacks.
As the senior vice president of ThreatQuotient strategy, Jonathan Couch uses his more than 20 years of experience in information security, information warfare, and intelligence gathering to focus on the development of people, processes, and technologies within the client’s organization to assist… View full story