Author: James Carder
Recent, high-profile cybersecurity hacks have put a massive spotlight on an imperative security measure: defense against foreign threat actors. The SolarWinds attack and attempts on Pfizer have now set the rules of engagement, and organizations need to be cognizant of the fact that numerous foreign governments possess similar capabilities to conduct large-scale, devastating cyberattacks.
Attackers often take advantage of world events to increase their use of phishing, social engineering, malware delivery, and numerous other nefarious attacks. Foreign, state-sponsored adversaries have long possessed cyberwarfare capabilities, and the COVID-19 pandemic has opened the door for more widespread infrastructure vulnerabilities that bad actors are exploiting.
Although these incidents account for a small percentage of overall breaches and incidents, they’re one of the highest concerns for CIOs and CISOs as ramifications remain unclear. To effectively combat future cyberthreats and safeguard sensitive data from foreign state-sponsored hackers, organizations across government, private, and critical infrastructure entities need to take a proactive approach to security to adequately defend infrastructures.
Create a Foundation Around Cybersecurity with Proactivity
Government-sponsored attacks have become a recurring theme, transpiring at the local, state, and federal levels. While most data breaches are monetarily and publicly debilitating, costing an average of $8.64 million in the U.S., breaches stemming from state-led or state-sponsored cyberattacks can be exceedingly costly from a national security standpoint.
The U.S. government is currently ranked as one of the most prepared countries against cyberattacks by the Global Cybersecurity Index, with a 0.91 GCI score, but recent incidents have prompted new legislative action that forces enterprises to take more serious action. Interestingly, cybersecurity spending in the U.S. government is anticipated to decrease this year, and the Biden Administration’s $10.2B cybersecurity allocation in the $1.9T stimulus package was already trimmed to $2B. If these breaches can happen to the U.S. government, which institutes some of the most rigorous and intensive cybersecurity measures in the world, then they can be far easier to accomplish on a smaller scale against companies or local/state government entities that handle private customer information.
In order to stop future foreign state-sponsored attacks, governments and organizations across all industries need to take a security-first mindset and intrinsically prioritize defense and countermeasures. This means that enterprises need to start thinking more like adversaries and anticipating how they would take advantage of current security protocols. An appropriately configured security monitoring solution that is designed for continuous threat detection and has full visibility into the environment gives IT teams the opportunity to act before an intrusion turns into a damaging data breach. Identifying and addressing risks before incidents occur will not only improve procedures and defense systems against nation-state hackers, but also ward off other threats such as malware, ransomware, DDoS, and zero-day attacks from other cybercriminals.
Re-Evaluate Critical Infrastructure Defense
All organizations should be looking into operational risk, as this is a seriously overlooked attack vector. CISA cites 16 critical infrastructure sectors whose operations are vital to the United States’ “security, national economic security, national public health or safety, or any combination thereof.” This includes the communications, transportation, health care, energy, and emergency services industries, as well as government facilities and defense sectors.
According to ABI research, cybersecurity spending for critical infrastructure will increase by almost 10% in 2021, reaching $105.99 billion and adding $9 billion in defense measures. Over the past 20 years, CISOs have largely neglected operational technology and risk in industrial control systems, relying on air gapping and physically isolating platforms from unsecured networks. While critical infrastructure has grown to be highly dependent on IT systems, helping to bridge the physical isolation gap, modern security protocols and technology still need to be more broadly implemented now that remote access to these systems is possible.
Lagging detection and alerting can result in a disaster if confidential information is breached or compromised by foreign adversaries. Any organization leveraging technology to enable operations needs to ensure that proper protection protocols are established, ranging from threat detection to preventative and response controls that quickly thwart, contain, and eradicate attacks before potential catastrophes transpire.
Reassess and Review Current Security Measures
First and foremost, this needs to be an area that’s on security teams’ radars and prioritized as a main defense goal. CIOs and CISOs must take a step back and understand that numerous foreign adversaries are conducting state-sponsored hacking programs and possess advanced technical capabilities. Security leaders have to factor in what industry they are in, the customers they work with, and the nature of their business to determine how probable threats are for their organization. While the government may be the top target, it is far from the only one.
For any organization that is operating in a cloud environment, it’s critical that visibility is top of mind and that defenses can be comprehensively monitored in real time, particularly as remote work remains in effect. Additionally, a Zero Trust framework is now becoming a necessity, as it implements strict access controls and more effectively secures remote work. In light of increased cybercrime, Zero Trust is a critical component of cybersecurity that substantially reduces complexity for defense teams and markedly improves security across critical infrastructure sectors.
Most tactics to date haven’t been radically ingenious, and most nations possess similar capabilities to access sensitive data. Some of this may be masked by the COVID-19 pandemic, but by and large, these threats and attempts take advantage of vulnerabilities and gaps in security that can be detected by routinely evaluating security posture and establishing parameters that alert on, mitigate, and remove unauthorized access.
Integrating a Security-First Culture
While foreign state-sponsored cyberattacks occur far less frequently than the phishing, malware, or ransomware campaigns run by professional criminal hackers, they can have far more severe consequences and need to be treated with the utmost seriousness. Foreign adversaries have proven that they have the capabilities and willingness to hack government agencies and public companies to procure significant information, which can be classified as cyberwarfare when it comes from another country.
However, as there is currently a gray area for punishing cyberwarfare, these threats and attacks will continue to loom large for security teams of all types and must be factored into security infrastructure plans moving forward. While CISOs have a primary responsibility for elevating and overseeing security operations, enterprise leaders must take an equally firm approach in creating a security-first culture. Agency directors and CEOs will bolster critical infrastructure defense by actively promoting company-wide security measures that safeguard highly sensitive information.