Are You Ready For State-Sponsored Cyber Attack?

 

Geopolitical tensions ensure that 2017 will be another big year for state-sponsored cyber attacks.  The lethality of state-sponsored attacks derives from their ability to bypass security point products by combining device, network and data center vulnerabilities into an integrated assault.  

Another aspect of state-sponsored cyber-attacks is their willingness to patiently creep from organisation to organisation to get to their target.

Irrespective of the lethality of state-sponsored cyber-attacks, it is a mistake to think that there is no way to stop them.  If your organisation has something of value to a foreign government here are five cyber-attack counter-measures you should be implementing.

Verify User Identity

Phishing to steal credentials is the #1 technique used by foreign governments to gain access to sensitive data.  Why? It works.  The bigger an organisation, the greater the number of supply chain partners, the easier it becomes for cyber attackers to steal credentials.   

The foundational security control to stop credential theft is 2 factor authentication.  To make it less painful, you can extend the session timeout to a full workday.  

To protect more sensitive business critical apps, consider a certificate-based VPN that binds the user identity to their device.  While it is possible to steal a certificate, as soon as you have 2 connections from the same cert you instantly know there’s a breach.

Check Device and Server Software

Right after identity theft, malware is the next favorite cyber-attack technique.  Installing malware on user devices and Internet accessible servers has become commonplace today.   There’s now a robust international marketplace for zero-day attacks and server exploits.

Malware detection software has greatly improved in recent years so there’s no reason not to implement it.  Code signing has been around for a while but IT organisations don’t like setting up PKI services to generate and verify digital certificates. However, this is a critical control for any large organisation.

Match Authorisation to Role

The OPM cyber attackers utilised non-active contractor account to gain access to the data center.  Unfortunately, most organisations maintain non-active accounts for tax purposes, even though users don't need access to the data center.

Make sure the authorisation level matches the role of the user.  If you need to keep identities active for tax or retirement purposes, consider migrating non-active accounts to externally hosted identity services and allowing access only to partitioned services.

Protect Data Encryption and Virtual Desktops

Many IT managers assume that by encrypting data or putting it behind a virtual desktop they are safe they are safe from theft. Unfortunately, most data encryption systems automatically decrypt data for authorised users.  Additionally, virtual desktop solutions are vulnerable to the same server exploits and data center attacks as regular PCs.

To protect against a state-sponsored cyber-attack, data encryption and virtual desktop solutions need the same protections against credential theft and lateral movement that Internet accessible systems have. Implement access controls and network partitions to protect high value data encryption and virtual desktops.

Partition Supply Chain Resources

Most Fortune 500 companies have outsourced some aspect of their mission critical operations to a supply chain partner.  Unfortunately, when partner personnel have all the same internal access as employee’s traditional perimeter security systems are of little value.  It gets even worse when one considers that most outsourcing companies outsource their activities to other outsource companies.

Partition your data center so resources accessed by supply chain partners have no lateral access to sensitive data.  One strategy that has been successfully used is migrate partner apps to a public cloud and utilise a secure application-layer connection back to the data center.  This way if there is a breach, it’s contained to a public cloud.

We can’t stop foreign governments from attacking nations but we can stop the attacks from being successful!  We now have enough data on their techniques to design counter-measures. We need to implement them.

CTO Vison:             What Happens When Two Countries Fight A Cyber War?:

 Surprise: N Korea Hacked S Korea Cyber Command:   

 

 

« Internet Has Changed The Media Business Model
Robots Will Take Our Jobs – But That's Good. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

KLC Consulting

KLC Consulting

KLC Consulting offers information assurance / Security, IT Audit, and Information Technology products and services to government and Fortune 1000 companies.

Custodio Technologies

Custodio Technologies

Custodio Technologies was established as a Singaporean R&D Centre of Israel Aerospace Industries (IAI) in order to spearhead R&D activities in the field of cyber early warning.

FirstPoint Mobile Guard

FirstPoint Mobile Guard

FirstPoint Mobile Guard has developed the market’s most advanced solution for securing cellular devices, including mobile phones and IoT products, by blocking malicious data leakage.

Consortium for Information & Software Quality (CISQ)

Consortium for Information & Software Quality (CISQ)

The mission of CISQ is to develop international standards for software quality and to promote the development and sustainment of secure, reliable, and trustworthy software.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

Netography

Netography

Netography provides a scalable and reliable platform for detection & remediation of cyber threats found on your network.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

Bluerydge

Bluerydge

Bluerydge specialises in cyber security and technology, focusing on the delivery of innovative sovereign solutions through trusted, cleared and experienced professionals.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.

InQuest

InQuest

InQuest specialize in providing comprehensive network-based security solutions that empower organizations to protect their most critical assets: their people.