Are You Ready For State-Sponsored Cyber Attack?

 

Geopolitical tensions ensure that 2017 will be another big year for state-sponsored cyber attacks.  The lethality of state-sponsored attacks derives from their ability to bypass security point products by combining device, network and data center vulnerabilities into an integrated assault.  

Another aspect of state-sponsored cyber-attacks is their willingness to patiently creep from organisation to organisation to get to their target.

Irrespective of the lethality of state-sponsored cyber-attacks, it is a mistake to think that there is no way to stop them. If your organisation has something of value to a foreign government, here are five cyber-attack counter-measures you should be implementing.

Verify User Identity

Phishing to steal credentials is the #1 technique used by foreign governments to gain access to sensitive data.  Why? It works.  The bigger an organisation, the greater the number of supply chain partners, the easier it becomes for cyber attackers to steal credentials.   

The foundational security control to stop credential theft is two-factor authentication. To make it less painful, you can extend the session timeout to a full workday.

To protect more sensitive business-critical apps, consider a certificate-based VPN that binds the user identity to their device. While it is possible to steal a certificate, as soon as you have two connections from the same certificate you instantly know there’s a breach.
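
The concurrent-use check described above, as an added example that is not part of the original article: it scans VPN gateway logs for a certificate that has sessions open from two sources at once. The log format, certificate serials and addresses are constructed for illustration.

```python
from datetime import datetime

# Constructed sample VPN gateway log (hypothetical format):
# ISO timestamp, event, certificate serial, source IP.
SAMPLE_LOG = """\
2017-01-09T08:01:12 CONNECT 4A:1F:03 198.51.100.10
2017-01-09T08:05:40 CONNECT 7C:22:9E 203.0.113.77
2017-01-09T09:30:02 CONNECT 4A:1F:03 192.0.2.55
2017-01-09T12:00:00 DISCONNECT 4A:1F:03 198.51.100.10
2017-01-09T12:10:00 DISCONNECT 7C:22:9E 203.0.113.77
2017-01-09T13:00:00 CONNECT 7C:22:9E 203.0.113.77
malformed line
"""

def find_concurrent_cert_use(log_text):
    """Return alerts for any certificate with two sessions open at once."""
    active = {}   # cert serial -> {source IP: connect time}
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("CONNECT", "DISCONNECT"):
            continue  # skip lines that do not match the assumed format
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        _, event, serial, src = parts
        sessions = active.setdefault(serial, {})
        if event == "CONNECT":
            # Another source already holding this cert means it was copied.
            for other_src, since in sessions.items():
                if other_src != src:
                    alerts.append({"serial": serial, "first_ip": other_src,
                                   "first_seen": since, "second_ip": src,
                                   "second_seen": ts})
            sessions[src] = ts
        else:
            sessions.pop(src, None)  # session closed; cert is free again
    return alerts

if __name__ == "__main__":
    for a in find_concurrent_cert_use(SAMPLE_LOG):
        print(f"ALERT cert {a['serial']}: {a['first_ip']} and "
              f"{a['second_ip']} active at {a['second_seen'].isoformat()}")
```

A client that changes networks before its old session is logged as closed will also match, so pair the alert with the gateway's session timeout before treating it as a confirmed breach.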

Check Device and Server Software

Right after identity theft, malware is the next favorite cyber-attack technique.  Installing malware on user devices and Internet accessible servers has become commonplace today.   There’s now a robust international marketplace for zero-day attacks and server exploits.

Malware detection software has greatly improved in recent years so there’s no reason not to implement it.  Code signing has been around for a while but IT organisations don’t like setting up PKI services to generate and verify digital certificates. However, this is a critical control for any large organisation.

Match Authorisation to Role

The OPM cyber attackers utilised a non-active contractor account to gain access to the data center. Unfortunately, most organisations maintain non-active accounts for tax purposes, even though those users don't need access to the data center.

Make sure the authorisation level matches the role of the user.  If you need to keep identities active for tax or retirement purposes, consider migrating non-active accounts to externally hosted identity services and allowing access only to partitioned services.

Protect Data Encryption and Virtual Desktops

Many IT managers assume that by encrypting data or putting it behind a virtual desktop they are safe from theft. Unfortunately, most data encryption systems automatically decrypt data for authorised users. Additionally, virtual desktop solutions are vulnerable to the same server exploits and data center attacks as regular PCs.

To protect against a state-sponsored cyber-attack, data encryption and virtual desktop solutions need the same protections against credential theft and lateral movement that Internet accessible systems have. Implement access controls and network partitions to protect high value data encryption and virtual desktops.

Partition Supply Chain Resources

Most Fortune 500 companies have outsourced some aspect of their mission-critical operations to a supply chain partner. Unfortunately, when partner personnel have all the same internal access as employees, traditional perimeter security systems are of little value. It gets even worse when one considers that most outsourcing companies outsource their activities to other outsourcing companies.

Partition your data center so resources accessed by supply chain partners have no lateral access to sensitive data. One strategy that has been used successfully is to migrate partner apps to a public cloud and utilise a secure application-layer connection back to the data center. This way, if there is a breach, it’s contained to the public cloud.

We can’t stop foreign governments from attacking nations but we can stop the attacks from being successful!  We now have enough data on their techniques to design counter-measures. We need to implement them.

CTO Vision: What Happens When Two Countries Fight A Cyber War?

Surprise: N Korea Hacked S Korea Cyber Command

 

 
