Nation states may use cyber to counterattack

by Mark Rowe

International conflicts are a breeding ground for cyberattacks – and we’re seeing this more than ever before amid the current political climate in Europe, with cyber tactics increasingly being used as a method to support a hybrid warfare strategy. Nations now view cyber as playing an essential role in achieving their geo-political objectives, says Zac Warren, Chief Security Advisor, EMEA at the cyber firm Tanium.

Given the UK’s involvement in current political sanctions, it’s not unlikely that we’ll continue to see an increase in cyberattacks on UK organisations – which could potentially target critical infrastructure. While we shouldn’t panic, it’s vital we are aware and prepared to ensure the UK has the best level of protection.

When a state becomes politically and economically isolated, it naturally becomes more dangerous. To compensate for economic losses, hackers are likely to begin targeting other countries – for both revenge and monetary gain. In practice, it’s likely that hacker collectives based in areas targeted by sanctions, many of which are believed to be under state control, may look to siphon off valuable data from – and encrypt the servers of – UK-based companies.

These collectives are then likely to make large ransom demands to the victim companies. There is also a chance that data will not be decrypted regardless of whether the ransom is paid, as state-commissioned hackers often try to inflict maximum damage on their victims. Nation state ransomware attacks generally play out in three stages:

1. An attack will be launched with the goal of gaining access to critical systems and data. This will often begin with a phishing email being sent to staff that contains a malicious link.
2. If the target has proper security measures in place, the attack can often be prevented immediately. But if the attacker identifies a weak link, they will access important company data and begin encrypting it.
3. After a successful encryption, the attackers will commence negotiations with their victim – with most conversations taking place between the CISO and other leaders, or the cyber insurance company.

Don’t wait for a wake-up call – act now!

Many companies have rested on their laurels for far too long, postponing investments in security measures, but they can no longer afford to underestimate the ransomware threat. Fortunately, it’s not too late to take countermeasures: organisations need to invest more in security so that they have a preventative approach in place rather than a purely reactive one. To do so, companies should look to:

1. Improve overall cyber hygiene across the organisation. This is defined as a set of habitual practices for ensuring the safe handling of critical data and for securing networks.
2. Enable 24/7 visibility across the entire IT environment.
3. Create and/or improve data back-ups.
4. Implement control strategies to fix a vulnerability or data breach after it has been identified.

Improving IT posture

First and foremost, IT teams should collate a detailed inventory of all existing IT security measures, including elements such as patching and vulnerability scanning, to gather insight into where improvements need to be made in the event of an emergency. Businesses should also inform all employees of the situation and ensure they are more vigilant than usual – with a particular focus on identifying phishing emails and avoiding employee errors.

All employees should be trained on the correct way to approach an emergency. A well-thought-out crisis plan should be drawn up and communicated throughout the company. The reliability of preventative measures should also be tested – this includes checking the functionality of data backups to ensure they can provide a quick resumption of day-to-day business should the worst-case scenario occur.

If a data backup has not yet been set up, this should be implemented immediately. A watertight backup strategy isn’t cheap – but to get the best protection possible, backups do need to be conducted regularly. However, not all data is mission critical. Therefore, IT teams need to identify which data is relevant and where it is stored as a first step, so that it can be quickly protected if a breach occurs. They can then create a suitable and isolated server area and design a schedule for regular backups.

A good IT strategy also involves detecting potential vulnerabilities across the entire IT estate. Crucial to this is visibility of all endpoints (devices connected to the corporate network) and how they communicate with each other. After all, you can’t protect what you can’t see – and real-time visibility of the entire corporate network is invaluable when trying to prevent future cyber-attacks.

Looking forward

Although we are amid conflict-ridden times, the current political situation in Europe is marking a turning point for cybersecurity consciousness across the world. We must face the painful reality that neither peace nor security can be taken for granted and that it requires constant effort to maintain them. It’s clear that companies should be aware of changes in the political landscape and take careful precautions to be ready if the frequency and sophistication of attacks increase.

Failure to prepare is likely to put organisations in a vulnerable position. To counter this, they should act now to ensure preventative measures are in place – only by doing so will they be prepared in the face of an intensified threat situation.
