Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
The New Nation-State Normal
Cyber attacks sponsored by nation-states are here to stay. If you want your organization to be here to stay, you'd best prepare for the worst.
Curtis Franklin, Principal Analyst, Omdia
June 26, 2017
4 Min Read
<p.When it comes to weapons, military organizations lead the way. Look at any weapon currently used in civilian law enforcement, personal protection, hunting or sports, and you'll see something that can trace its roots back to the battlefield. That same progression has made its way to the networks and computers on which we work.
If you've looked at the news in the last six month or so, you know that there is compelling evidence that hackers in, or sponsored by, Russia launched a sustained attack against the US federal election in 2016. In December 2016, the power grid in Ukraine's capital Kiev was hit by hackers from Russia in a successful attack that disrupted power to the city for two days. According to a superb article in Wired, the attack in Ukraine was just a taste of what we should now think of as the "new normal."
What, precisely, are security professionals to make of all this? The general public seems split between two responses. Either they're taking their panic in the direction of off-grid "prepper" bunkers away from the Internet and the coming collapse of civilization, or they're pretending nothing is happening because it's so scary and complex that they just can't think about it. Security professionals don't really have the option of doing either, so what is to be done?
Want to learn more about how LTE-A Pro and Gigabit LTE will impact the 5G market? Join us in San Francisco for LTE Advanced Pro and Gigabit LTE: The Path to 5G event -- a free breakfast collocated at Mobile World Congress Americas with a keynote address by Sprint's COO Günther Ottendorfer.
I think the first thing to do is decide whether your organization is likely to be a direct target of nation-state attacks. To be honest, if you're in a business like critical infrastructure then you've already got plans in place to fend off and respond to the kind of hacks that take down power grids and financial systems. The real urgency comes for businesses that aren't obvious targets. There are three levels of concern with a different set of responses for each.
Level 1: The critical infrastructure you depend upon is hit
So you're not a bank or an electric utility but you probably use the services of at least one of each, and your business would suffer if you couldn't use those services. How do you prepare? Redundancy is your friend. And remember, we're not just talking about multiple paths into a single point of failure: While you're always going to have primary relationships in finance and other services, have secondary providers in place with as much geographical and logical space between primary and secondary as possible.
For the electric power grid, by the way, this means that your secondary is a generator with a lot of fuel and a careful maintenance plan. For internet access, it's a second provider that uses a different upstream provider than your primary. And your secondary bank should be part of a different Federal Reserve region than your primary. When it comes to redundancy planning, paranoia is a virtue.
Level 2: You're not a direct target, but you become "collateral damage"
Some cyber weapons are sniper-like in their precision. Others are more like shotguns or hand grenades. If the second type of weapon is in use, then your systems could be hit and damaged even if they're not the primary target. To prepare yourself, make sure you have a solid backup and recovery plan and look carefully at business continuity services with a well-defined "big red switch" for moving your operation.
It should be noted that most of the "big hacks" take advantage of un-patched vulnerabilities that have existed for some time. In most cases, the vulnerabilities have been patched, but the victims have not applied the patches or updates. Your strategy: Patch and update as quickly as possible. If you have critical applications that depend on particular features of older operating systems, then have an emergency sandbox procedure in place to allow for rapid trial and updates. And for heavens sake, have your perimeter defenses in place and up to date. They really do matter.
Level 3: You become a direct target
Welcome to the big league! You're going to be fending off a zombie horde with nothing more than your pluck and spunky determination, so hunker down and get ready. Assuming you've done everything mentioned in levels 1 and 2, then your call here is to partners: Your ISP, your CASB provider and your cloud partners. Let them know what's going on (though they'll likely know that somethingis wrong), and enlist their help in fighting it. Better yet, have plans in place to call on them and rehearse those plans a couple of times a year.
While it's unlikely that you'll escape completely unscathed if you find yourself a target, you can minimize the damage and keep the business afloat; you just have to plan for the worst and be willing to declare an emergency as early as possible. Don't let pride become the anchor that sinks you in a nation-state cyber storm.
Read more about:Security Now
About the Author(s)
Senior Analyst, Omdia
Curtis Franklin Jr. is Senior Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes
Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.
Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.
When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.
You May Also Like
Your Everywhere Security guide: Four steps to stop cyberattacksFeb 27, 2024
Your Everywhere Security Guide: 4 Steps to Stop CyberattacksFeb 27, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
Securing the Software Development Life Cycle from Start to FinishMar 06, 2024