With the tensions in Iran escalating over the past few weeks, nation-state cyberattacks have been at the forefront of government agencies’ minds. For the last decade or so, such attacks have wreaked havoc around the world and have targeted critical infrastructure such as power grids and industrial control systems.
However, government agencies and critical infrastructure are not the only entities at risk. At one point in history, cyberthreats targeting government agencies looked different than those that plagued the private sector. Over time, the line separating attackers pursuing these two targets has blurred.
Adversaries attack when they have the best chances of succeeding, with application vulnerabilities and websites increasingly becoming targets as well. There is no “one-size-fits-all” method for attackers, whether they are attempting to conduct a nation-state attack or not. While all organizations should take steps to shield against nation-state cyberattacks, the following industries are most at risk: healthcare, financial services, oil and gas, and retail.
A recent survey revealed that 94 percent of private sector organizations claimed to have experienced a cyberattack over the past 12 months, with one third being hit daily or once a week. Education, retail, and banking and financial services were the sectors reporting daily attacks. One in five organizations in these industries revealed hackers were looking to steal information.
Staying ahead of nation-state attacks is fundamentally a matter of taking the necessary steps seriously and staying vigilant to limit the impact of an attack when it happens. While nation-state attacks can be very complex to defend against, it is possible to protect your organization. Here are a few steps your organization can take:
1. Enhance employee cybersecurity awareness programs
One of the most important steps an organization can take to mitigate its risk of cyberattacks is to implement a ‘Cybersecurity Awareness Program’ as a collaborative effort across the organization. Reminding all employees to be careful and to practice smart cybersecurity habits at all times emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. A few steps to incorporate into an awareness program include:
- Incorporating security training into the onboarding process when hiring new employees and conducting security training at minimum once a year.
- Strengthening passwords, using a password manager and implementing multi-factor authentication to better protect business and personal assets.
- Reminding employees never to open links from emails, especially from individuals they may not know, and never to plug an unknown flash drive into a device.
Even though these practices may seem small, they can go a long way in keeping organizations and personal assets better protected.
2. Require vendors to show their work
Ask any other organization or vendor that your business partners with to provide evidence about the security solutions, processes and policies used to create their applications. After all, even if your company is taking all the steps necessary to protect itself, partnering with an organization that does not take cybersecurity seriously can still leave your company at risk.
Take for example the LabCorp and Quest Diagnostics breach in June of 2019, which left 11.9 million records exposed. Sensitive information including birthdates, addresses, phone numbers, names and more, ranging from August of 2018 to March of 2019, was exposed. Both companies were ultimately compromised through American Medical Collection Agency, a vendor both companies had in common. Therefore, it is vital to ensure that partners are also protecting themselves and can prove that they are taking cybersecurity protection measures to do so.
3. Enlist the help of a cybersecurity company
In light of the current geopolitical and cybersecurity tensions, WhiteHat Security would like to remind organizations in the public sector that they are here to help. Specifically, WhiteHat has the following solutions for organizations to take advantage of:
- WhiteHat Sentinel Dynamic – This cloud-based SaaS platform accurately and rapidly finds vulnerabilities in websites and applications throughout the software development lifecycle (SDLC), including in production.
- WhiteHat Sentinel Source – WhiteHat’s SAST product delivers a fast, automated service that scans application code, identifies vulnerabilities and provides detailed vulnerability descriptions and remediation advice.
For more information on protecting a private sector organization against nation-state attacks, please visit: www.whitehatsec.com