In today’s cyber threat landscape, it is not only the defense industrial base that has a legitimate reason to worry about cyber terrorism and state-sponsored cyberattacks. Attacks attributed to state actors have increased markedly over the past few years. The Center for Strategic & International Studies’ Significant Cyber Incidents summary shows an alarming number of incidents tied to state actors, and the year-over-year growth in those aimed at business targets is more alarming still. Whether your organization operates critical infrastructure, provides financial services or healthcare, or is simply a retailer, it can be targeted in an attempt to disrupt the U.S. economy and warfighting capability.
Iran’s cyber capability is often downplayed, but the evidence says it should not be taken lightly. Iran has invested significant funding and time in building that capability since 2011, which many see as a response to Stuxnet, the attack that significantly disrupted its uranium enrichment program. The 2018 ransomware attack on the City of Atlanta, which the U.S. Department of Justice attributed to Iranian nationals, and the serious tone of the DHS National Terrorism Advisory System bulletin issued earlier this month are evidence that the investment has produced a strong capability. As an industry, we should take this threat seriously and make sure our businesses can detect and respond to it in a timely and effective manner.
If your business could plausibly be a target of cyber terrorism or a state-sponsored cyberattack, consider implementing the following measures immediately so that you are ready for it.
- Implement multi-factor authentication for all users, starting with remote access (VPN, RDP, webmail), cloud consoles and administrative accounts. The capability is built into most major software suites today and can be rolled out with relatively minor impact on the business, yet it sharply limits an attacker’s ability to use stolen credentials to gain and maintain access to enterprise assets. Where you can, prefer phishing-resistant factors such as FIDO2/WebAuthn hardware keys over SMS codes and push notifications, which a determined attacker can relay or wear down with repeated prompts.
- Deploy effective, up-to-date endpoint detection and protection. Traditional signature-based anti-virus is simply not enough today. Ensure Endpoint Detection & Response (EDR) tooling is installed on every endpoint and server, that its telemetry is actually being monitored, and that someone can triage and respond to its alerts in a timely manner; an EDR that nobody watches adds cost, not security.
- Minimize the exposure of business assets to external sources. Any asset that does not need to be reachable from, or to reach, the Internet should be segmented away from that connectivity. On external-facing servers, disable unnecessary ports and services, bind internal components (databases, resolvers, management agents) to loopback or an internal interface only, and make sure remote administration such as SSH, RDP and WinRM is not open to the world. Remove the low-hanging fruit.
- Educate and inform users about current threats. Security awareness training is standard practice for enterprise business today, but regular updates on the threat posture are not. Consider issuing them when your threat level is elevated, so the threat is at the forefront of your users’ minds when the phishing email arrives.
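As an added example of the “remove the low-hanging fruit” check described above (example code written for this post, not part of the original article or any vendor tool), the script below parses the output of `ss -tulnH` on a Linux host, ignores sockets bound to loopback or link-local addresses, and flags every remaining listener whose protocol and port are not on an allowlist of services the host is supposed to expose. The `ss` output embedded in it is constructed for the example, and the web-server allowlist of tcp/80 and tcp/443 is an assumption; adjust both to your own server roles.

```python
"""Audit the listening sockets of an Internet-facing Linux host.

Parses `ss -tulnH` output (TCP and UDP listeners, numeric, no header) and
reports every socket bound to a non-loopback address whose protocol/port is
not on an allowlist of services the host is supposed to expose.
"""
import ipaddress
from typing import List, NamedTuple, Set, Tuple

# Constructed sample of `ss -tulnH` output for this example: a web server that
# also has SSH, an RDP gateway, SNMP and WinRM-style management reachable on
# non-loopback interfaces. MySQL and the stub resolver are correctly loopback-only.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128            0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511            0.0.0.0:80          0.0.0.0:*
tcp   LISTEN 0      511               [::]:443            [::]:*
tcp   LISTEN 0      128          127.0.0.1:3306        0.0.0.0:*
tcp   LISTEN 0      128                  *:3389              *:*
tcp   LISTEN 0      128           10.0.0.5:5985        0.0.0.0:*
udp   UNCONN 0      0              0.0.0.0:161         0.0.0.0:*
udp   UNCONN 0      0        127.0.0.53%lo:53          0.0.0.0:*
"""

# Assumed allowlist for a public web server: only HTTP and HTTPS should be
# reachable from outside. Adjust per server role.
WEB_SERVER_ALLOWLIST: Set[Tuple[str, int]] = {("tcp", 80), ("tcp", 443)}


class Listener(NamedTuple):
    proto: str
    address: str
    port: int


def parse_ss(output: str) -> List[Listener]:
    """Extract (proto, address, port) from each `ss -tulnH` line."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")  # port follows the last colon, even for IPv6
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and the %iface scope suffix
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def is_externally_reachable(address: str) -> bool:
    """True unless the socket is bound to loopback or a link-local address."""
    if address == "*":  # ss shorthand for "all interfaces"
        return True
    ip = ipaddress.ip_address(address)
    return not (ip.is_loopback or ip.is_link_local)


def audit_listeners(output: str, allowed: Set[Tuple[str, int]]) -> List[Tuple[Listener, str]]:
    """Return (listener, reason) for every externally reachable socket not on the allowlist."""
    findings = []
    for lst in parse_ss(output):
        if not is_externally_reachable(lst.address):
            continue
        if (lst.proto, lst.port) in allowed:
            continue
        wildcard = lst.address == "*" or ipaddress.ip_address(lst.address).is_unspecified
        scope = "all interfaces" if wildcard else f"interface {lst.address}"
        findings.append((lst, f"{lst.proto}/{lst.port} listening on {scope} is not on the allowlist"))
    return sorted(findings, key=lambda f: (f[0].proto, f[0].port))


if __name__ == "__main__":
    # To audit a live host, replace SAMPLE_SS_OUTPUT with sys.stdin.read() and run:
    #   ss -tulnH | python3 audit_listeners.py
    for _, reason in audit_listeners(SAMPLE_SS_OUTPUT, WEB_SERVER_ALLOWLIST):
        print("FINDING:", reason)
```

Against the constructed sample the script flags tcp/22, tcp/3389, tcp/5985 and udp/161 and stays silent about the loopback-bound MySQL and resolver sockets. Run it from configuration management or a cron job on every external-facing host and treat any new finding as a change that needs an owner, not as noise.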
by Jordan Mauriello | SVP of Managed Security
January 19, 2020