Richard Hanlon, EMEA Managing Director, Aon’s Cyber Solutions, on the rapid growth of nation state sponsored cyber-attacks and why every business is at risk even if it is not the original target.
Cyber-attacks have rapidly evolved from what started as almost recreational – albeit illegal – activities perpetrated by individual hackers seeking fame and notoriety, to today's highly sophisticated and advanced cyber threats, in which state sponsored actors indiscriminately inject malware into applications and the victims are very often unintended targets of such attacks.
Cyber warfare on the rise
Cyber warfare conducted by nation states is growing both for defensive and offensive purposes. A recent report by Thomson Reuters found that 22 countries are suspected of sponsoring cyber operations [1]. And while most organizations may not be the intended targets of those state sponsored cyber-attacks, they often suffer the consequences simply because they have vulnerabilities exposed through malware and ransomware demands.
Spreading cyber chaos
The problem for global businesses when considering their vulnerability to this form of nation state supported cyber-attack is that they are simply too interconnected. Information security can be so complex, and attack surfaces so broad, that it is hard to protect against determined state-trained hackers bent on achieving their goal, which may intentionally or accidentally include releasing the next world-shaking computer worm. We now have threats moving stealthily across a rapidly morphing cyberwar battlefield that can – and do – spread chaos across the world economy. The physics of cyberspace are far more complex than those of any other war domain, and cyberspace is the most difficult domain to defend because of its volatile nature and the way the threat rapidly scales up in size.
Don’t be the unintended victim
For businesses and other organizations, the lesson learnt from these attacks is the need to double down on their own cyber security. In many cases, the organizations that have fallen victim to state sponsored cyber-attacks are those that have ignored published threat intelligence and failed to take simple basic IT actions such as installing the latest Microsoft security patches and other software updates. Cyber-attacks generally follow the path of least resistance and every business needs to ensure that it is not the weakest link. Your business may not be the designated target of a state sponsored cyber-attack but it could easily end up being the unintended victim.
Recommendations
CJ Dietzman, Managing Director for Aon’s Cyber Solutions, discusses recommendations for organizations, originally published in “Client Alert: Iranian Cyber Threats”.
Heightened geo-political tensions can create dynamic cyber risks depending on your business environment. Aon supports clients in diverse industries to help mitigate these threats and risks. At a minimum, we recommend prioritized focus on the following areas, which Aon’s Cyber Solutions can assist clients with immediately:
■ Redouble Efforts for Vulnerability Management Across All Critical Technologies and Platforms: Now is a good time to perform scanning, analysis and testing for vulnerabilities in the environment. Does the organization have a holistic approach to identifying, analyzing, remediating, and tracking weaknesses and “holes” across the environment?
■ Implement Threat Monitoring for the Organization: Monitor for security anomalies, suspicious or malicious behavior, and advanced persistent threats. Does the organization have a holistic approach to identifying, analyzing and addressing these threats on an ongoing basis?
■ Incident Response Planning is Key: Is the organization prepared for a cyber incident or breach, including the type of attacks that have been attributed to Iran over the past few years? Have key processes, accountability, roles, responsibilities, partners, and tools been evaluated, defined, tested, and updated? Does the organization have relationships with Incident Response and Digital Forensics providers? When was the last time a Tabletop or other “test” of current plans and processes was performed?
■ Execute a Prioritized and Accelerated Assessment of Key Controls: In consideration of historical Iranian-attributed cyber attacks, has the organization implemented appropriate preventative, detective and recovery controls? Is there sufficient ongoing testing, monitoring, and continuous improvement of these controls? This should include consideration of threats such as denial of service attacks, malware, phishing, account takeovers, and attacks on infrastructure and network vulnerabilities.
■ Ensure that Restricted Access Controls and Mechanisms are Optimized: Has the organization sufficiently restricted access to systems, networks, applications and data? Have Multifactor Authentication, Privileged Access Management, and other critical Identity and Access Management (IAM) controls been reviewed and validated recently?
■ Consider Critical Third Parties: The organization should inquire into and evaluate what its most critical third parties, supply chain and business partners are doing in consideration of Iranian cyber threats.
■ Reinforce Security Awareness and Training: Revisit and enhance the measures that an organization has in place to continuously influence human behavior related to cyber security risks and threats. Do key personnel know “what to be on the lookout for,” and do they know “what to do” in the event of a suspected incident?