|Carl Mazzanti is the president of eMazzanti Technologies in Hoboken.
|When business owners think about cybercrime, it is easy to imagine a lone-wolf individual in a nearby neighborhood launching a hack or other digital attack. That still happens, but the threats increasingly originate overseas, often with government backing. This was amply illustrated when I recently reviewed the FBI-maintained “Cyber’s Most Wanted” site, which looks a lot like the “Wanted” posters frequently found in post offices and police stations.
One “Most Wanted” box listed the “Russian FSB Center 16” – a successor to the KGB. Another was labeled “Chinese PLA Members, 54th Research Institute” – an arm of the Chinese military. Digital criminals with government ties from Iran and North Korea were also highlighted, reflecting the “Big Four” group of major international APT — advanced, persistent threat and other actors: APT28 (Russia), APT33 (Iran), Lazarus Group (North Korea), and APT41 (China).
This prompts two questions: Why are nation-states attacking businesses? And how can a business defend itself against an onslaught of hackers backed by the power of a major nation?
The Answer to “Why” Generally Falls into Three Categories:
- Access to information – China and other nation-state actors routinely try to tap into business records to steal trade secrets and other information. A study released earlier this year also found that a substantial percentage of North Korea’s cyber attacks are aimed at gathering information.
- Financial gain – Earlier this year, the U.S. Treasury Department issued an alert that the Trickbot Group of cyber criminals, which is “associated with Russian Intelligence Services,” has targeted businesses and other organizations. Then in February, charges against a Trickbot leader for bank fraud-related hacking were unsealed in the U.S. District Court for the District of New Jersey; and in April, Microsoft issued an updated threat alert noting that a nation-state group from North Korea, called H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and has successfully compromised small businesses in multiple countries.
- Access – Getting into an organization’s sensitive data through a trusted vendor or other third party. Probably the most famous example of this was when hackers accessed a refrigerator contractor to gain entry to the data system of the national retailer Target Corp., compromising customer information from more than 40 million credit and debit cards.
David versus Goliath
The cyberwars waged by nation-states against businesses may seem like a David versus Goliath match, but even smaller organizations can mount a significant defense when they work with an experienced Cyber Security managed services provider. A successful strategy will leverage two prongs: human and digital. The human effort involves training to avoid phishing and other attacks that lead to the exposure of confidential information.
In a phishing attack, a cybercriminal will send emails or other messages that appear to be from a legitimate company to get employees to act in a certain way and reveal personal information, like passwords and credit card numbers; wire funds to wrong parties; open an infected attachment; or click on a malicious link. Besides using “spoofed” email addresses that appear to be from legitimate sources, hackers often strengthen their attacks with realistic-looking websites.
Businesses, however, can teach employees to recognize telltale signs of a phishing attempt: messages with a sense of urgency, slight errors in the sender’s email address or URL, poor grammar or spelling, or unsolicited attachments. Employees should also know what to do when they spot a phishing attempt, such as reporting it – whether the attempt was successful or not – to the appropriate security or other personnel to help ensure that other users in the organization will know to be prepared.
What About Third-Party Vendors?
As Target discovered the hard way, third-party vendors can also be a potential risk. Savvy businesses will vet their vendors by establishing procedures for regular check-ins and reviews to verify that vendors adhere to policies and contractual security requirements; and by requiring them to submit updated audits and security certifications at least annually. Businesses should also periodically send Cyber Security questionnaires to their vendors and, if feasible, conduct on-site assessments to ensure that their security controls continue to meet required standards. By proactively monitoring vendors, Cyber Security issues may be addressed before a breach occurs.
Start with MFA
On the digital side, defenses will typically start with multifactor authentication enabled across all connected devices. An MFA initiative can reduce the opportunity for identity fraud by requiring users to provide identity verification – like entering a code received via a mobile device – before they are granted access to an account or an app. Other digital defense strategies could include strong password policies and developing a blueprint to secure an organization’s domain name system, which identifies computers reachable through the internet or other internet protocol networks.
Considering the nature of the Big Four nation-state threat actors, businesses should also look into geofencing. This firewall-based feature automatically looks at the IP address of incoming traffic or network requests, identifying where the traffic originated, and allowing users to set up a digital barricade that blocks network traffic from specific locations.
Goliath-sized actors will continue to attack businesses and other organizations of all sizes. But companies that take proactive steps to guard their sensitive data will be able to stand tall and improve the odds that they can resist the onslaught.
MXINSPECT Email Defense
Complete Defense Against Today’s Email Threats
Passwords are no longer enough.