Addressing Nation-State Cyber Security Threats to the Enterprise
Years ago, nation-state threats could generally be identified by their location. Nation-state actors - hackers who directly support national governments, or organized crime entities hired by a national government - have become progressively more sophisticated. Increasingly, they pirate servers and equipment in a victim's backyard, making it harder to identify them or their actual location.
Despite these challenges, there are steps that CISOs can take to detect nation-state intruders. A good starting point is defining the "normal" state on your company's network, said Bryce Austin, CEO, TCE Strategy.
"Companies can begin to define normal network operations, in part, by having tools on their network to help them define what sort of traffic they have on the network, the source that is behind the traffic, and where it is headed," said Austin.
Beyond that, a new generation of network firewalls created by companies such as Palo Alto Networks is demonstrating its worth in real-world scenarios, said Austin. "We usually don't hear about successful stoppages in the news because no one likes to talk about how they were almost breached but were able to thwart the attack," said Austin.
To communicate nation-state threats to the board of directors and the level of preparedness that a company has to deal with such threats, Austin advises ensuring that CISOs have an ongoing relationship with law enforcement, and an incident response plan on when and how to partner with law enforcement on nation-state threats.
"It's also critical to help the board understand what the potential liabilities are to the company from this type of threat," said Austin.
Threats can take many forms, including loss of confidential data, fines for regulatory violations, lawsuits from those impacted by a breach, an overall loss of the value of the company (such as Yahoo), and general reputational damage. Sometimes the risks are more specific. For instance, Austin points to a food manufacturer that was in negotiations to be acquired. The company's emails were hacked by a nation-state actor from the potential acquirer's homeland to try to determine what share price the food manufacturer might be willing to accept for an acquisition.
"Cyber security is about preventing those that would use your data or your systems to gain an advantage over you. That advantage is often about much more than just money. My role is to help my clients prevent criminals from gaining that type of advantage."