State-sponsored hackers are targeting private organizations and there’s no sign of them stopping anytime soon
In May 2017, over 200,000 computers across 150 countries were infected with WannaCry, a ransomware cryptoworm that crawled its way into Microsoft computers and encrypted files on PC hard drives. Victims couldn’t access their files and were served a ransom notice demanding $300 in bitcoin to decrypt the files.
While any cyber-attack is a cause for concern, this one was particularly notable because it affected a number of high-profile systems, including many in Britain’s National Health Service. No organization took responsibility, but the U.S., among other countries, has claimed that the North Korean government was behind the attack.
The WannaCry ransomware cyber-attack is just one of several apparently state-sponsored cybercrimes that have wreaked havoc across the globe in the past several years. Worse still, these kinds of attacks are on the rise. Now more than ever, it’s crucial that organizations take cybercrimes—especially nation-state cyber-attacks—seriously.
Who’s at risk for a nation-state cyber-attack
A company of any size is a potential target for cybercriminals, but there are a few industries that top the “hacker hit list.” The finance industry is an obvious target, but healthcare and education organizations that carry personal and financial information on their patients and students, respectively, are at risk as well. Manufacturing companies are also very susceptible to cyber-attacks, as their intellectual property is extremely valuable.
While any cybercrime against a company is a substantial threat, state-sponsored cyber-attacks do have some important distinctions. Most hackers attack for financial gain or to boost their own egos, but many nation-states hack to create chaos. Their well-funded attacks have a clear agenda, whether it’s spreading their political propaganda or taking down an entire country’s power grid. Airliners and airports that have location-based information, like air traffic data, are more prone to state-sponsored cyber-attacks, as are companies with larger, harder-to-defend IT infrastructures.
Think your organization could be a potential target? Here’s how you can protect your company against a nation-state cyber-attack.
Think like a nation-state hacker
In order to know if and when a state-sponsored hacker will attack, it’s important to first understand how they operate.
Nation-state hackers typically operate in groups to carry out their missions. These actors are often government employees who have been recruited based on their specific set of skills. Feeling a sense of obligation to their country or cause, they’re willing to work diligently for months or even years to carry out their mission.
Once organized and given their assignment, nation-state hackers use a variety of tactics to break into a company’s system, whether it’s phishing emails that trick unaware employees into clicking on a malicious link or by stealing information using stolen login credentials. These hackers also take advantage of open-source intelligence that’s publicly available via newspapers, magazines, the Internet, or government reports, as well as content from the “Deep Web” and “Dark Web.”
While these cyber-attacks are complex and take time to carry out, their malicious behavior is sometimes predictable and can often be avoided by carrying out basic security procedures.
Stay proactive
Here are a few simple security measures every organization should take to protect their company and their customers from nation-state hackers.
- Keep software up-to-date. Instead of relying on employees to keep their computers updated, install automatic updates across all company technology. You can schedule these updates to occur outside of normal working hours, so you never have to worry about an employee hitting the “install update later” button.
- Manage user credentials. A whopping 81 percent of data breaches are attributed to the misuse of valid credentials. To reduce the chance of hackers getting ahold of this information, enable multi-factor authentication for passwords and remind your employees that they should not share their login information with other colleagues. Also, be sure to vet all third-party vendors before partnering to ensure they know how to handle your data correctly.
- Monitor effectively. If you don’t actively monitor your network, you’ll be oblivious to suspicious activity and potential threats. Products like CyberGuard360’s Advanced Cyber Event (ACE) appliance go beyond network level monitoring (NLM) to analyze changes in a network over time and inform team members when data is exposed via unprotected resources.
Stay prepared for nation-state attacks
No company wants to be the victim of a nation-state cyber-attack or any cybercrime, but having an incident response plan for times of need is crucial, as some hackers can infiltrate an entire network in as little as 20 minutes. As the saying goes, it’s better to be safe than sorry.
The US National Counterintelligence and Security Center (NCSC) has also released a set of videos and other educational tools to equip organizations with the knowledge they need to stay protected against nation-state cybercrimes. We suggest companies thoroughly review these materials and share them with their employees, so everyone is aware of the best safety practices.
While nation-state cyber-attacks are growing, companies can stay protected by knowing the risks, implementing the right safety measures, and staying informed.