Sir John Sawers, the former head of MI6, spoke at the Digital Transformation EXPO in London in 2019. During his keynote, he explained that global state-sponsored cyberthreats are expanding in number and weaponry. This should ring alarm bells for CISOs and businesses globally. Sir Sawers also highlighted the US’ unpredictable behavior under President Donald Trump and the critical role all enterprises must take in protecting themselves.
State-sponsored threats are on the rise globally; enterprises must acknowledge that they could also be targets
Enterprises need to remember that politics plays a significant role in their day-to-day operations. As nations try to compete in new ways, they may entertain thoughts of damaging another economy to advance their position through attacking industries or enterprises—the internet is the new battleground. The former British defense secretary Gavin Williamson said, “We have entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyberattacks.” He added, “Russia is ripping up the rule book by undermining democracy, wrecking livelihoods by targeting critical infrastructure, and weaponizing information.”
States trying to influence each other have been increasingly using the power of their economies to leverage their positions. The US has targeted China and North Korea, and it has recently threatened its former ally Turkey with sanctions. It’s easy to forget that the WannaCry ransomware attack in May 2017 originated by state-sponsored hackers from North Korea, which targeted organizations and companies worldwide, including the British National Health Service. To add to this, in March 2018, the US cautioned against Russian state-sponsored threats following the charging of nine Iranian nationals for a campaign targeting more than 144 US universities. The US in 2018 also indicted two Chinese nationals, Zhu Hua and Zhang Shilong, for global computer intrusion campaigns that targeted more than 45 US tech companies and government agencies.
State-sponsored threats are very much real, and they’re coming after enterprises. The reality of this became truly evident when, on 28 October 2019, a huge cyberattack knocked out more than 2,000 websites and the national TV station in the country of Georgia. Enterprises need to be ready because they can’t rely on the state for security—the state has other interests to protect. Keir Giles, an expert on Russian security at Chatham House, clarified the danger of state-sponsored cyberthreats by making it clear, “The new era of warfare is already here; this is what Russia has been practicing hard for.”
State-sponsored threats can be costly; you can’t afford not to be prepared
The actors behind state-sponsored cyberthreats are bold, and the evidence is plentiful. The NotPetya cyberattack started in 2016 and rapidly spread to several countries, including the UK, the US, France, Germany, Italy, and Poland. One of the first victims was the National Bank of Ukraine. NotPetya’s speed allowed it to penetrate many organizations, ultimately taking a toll of more than $1.2 billion (£850 million) on companies. Also, the WannaCry cyberattack cost the NHS £92 million ($150 million).
“Defense in depth” is the key to securing the enterprise; organizations must look to multiple providers to secure their interests
Sir John Sawers made it very clear that both firms and countries are going to have to invest independently to protect themselves against threats that are evolving at a rapid pace. Sir John explained that the best hope that enterprise has is a “defense in depth”(Defense in depth – multiple layers of defense)—enterprises need to understand what others want from them and what they need to protect. HFS research supports this stance—enterprises must identify and protect their critical assets.
HFS Research has previously advocated a defense in depth that consists of both perimeter and internal defense. Examples of perimeter defenses are firewalls and secured access to systems, such as with biometrics from companies such as Onfido, Aimbrain, and Block Armour. Internal defense consists of threat-hunting solutions, such as Infocyte Hunt, and behavioral analytics, such as the Darktrace solution Antigena.Enterprises can also use a managed security service (MSS) provider for security monitoring services. MSS providers often have partnerships with tried-and-tested specialist software providers that offer best-of-breed protection.
Protecting yourself from the individual is vital for enterprise security
Protecting yourself from the individual should be of paramount importance to enterprises; human error is a critical weakness for any organization. Frank Abagnale famously says that you’re only as secure as your weakest link, and that’s usually an employee. During the Digital Transformation EXPO, Sir John Sawers highlighted the importance of securing yourself from the individual, advocating the value of two-factor security to devices and systems. In combination with basic cybersecurity education, this could mitigate some state-sponsored threats.
Exhibit 1: HFS research shows that enterprises face more internal security breaches than external breaches, highlighting the importance of monitoring internal security policies
Source: HFS State of Security, 2018
The Bottom Line: Enterprises need to fortify their defense against state-sponsored threats, or suffer financial consequences
The increasing frequency of state-sponsored cyberthreats is a worrying prospect. The era of cyberwarfare has begun, and enterprises and industry are credible targets. As John Lyly famously noted, “all is fair in love and war.”
State-sponsored threats can be costly to both reputations and bank balances. CISOs should heed the advice of a defense-in-depth approach to their organization, looking toward multiple solutions that are both defensive and proactive. It’s no good trying to always outswim the sharks; sometimes you need to punch them on the nose. Moreover, while investing in tech solutions, we advise enterprises to also spend resources on staff. Human error is one of the biggest weaknesses in an organization’s defense, but through basic education, employees can become a mitigating asset in the constant battle for security. So, how can CISOs prepare?
- Seek service providers with their wealth of experience.
- Keep an ear to the ground for new and upcoming cybersecurity disruptors.
- Educate staff on basic security principles; make them an asset, not a liability.
- Employ a layered defense, and use both proactive and reactive solutions.