CTOvision.com

Are you ready for a state-sponsored cyber attack?

January 4, 2017 by Junaid Islam

Geopolitical tensions ensure that 2017 will be another big year for state-sponsored cyber attacks. The lethality of state-sponsored attacks derives from their ability to bypass security point products by combining device, network and data center vulnerabilities into an integrated assault. Another hallmark of state-sponsored attacks is their willingness to creep patiently from organization to organization to reach their target.

Irrespective of the lethality of state-sponsored cyber attacks, it is a mistake to think that there is no way to stop them. If your organization has something of value to a foreign government, here are five cyber attack counter-measures you should be implementing.

Verify User Identity

Phishing to steal credentials is the #1 technique used by foreign governments to gain access to sensitive data. Why? It works. The bigger an organization and the greater its number of supply chain partners, the easier it becomes for cyber attackers to steal credentials.

The foundational security control to stop credential theft is two-factor authentication. To make it less painful, you can extend the session timeout to a full workday. To protect more sensitive, business-critical apps, consider a certificate-based VPN that binds the user identity to their device. While it is possible to steal a certificate, as soon as you see two simultaneous connections from the same certificate you instantly know there's a breach.
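The "two connections from the same certificate" signal above is simple to operationalize on the VPN gateway's logs. The following is an added example, not code from the article or from any VPN product: it replays constructed gateway log lines (the line format, the certificate fingerprints and the addresses are assumptions) and raises an alert when a certificate that already has a live session connects again from a different source address, while treating a reconnect from the same address as benign.

```python
"""Flag a client certificate that is active in two VPN sessions at once.

Added example, not code from the article or any product: it replays
constructed VPN gateway log lines (format and sample values are assumptions)
and raises an alert when a certificate that already has a live session
connects again from a different source address.
"""
import re
from typing import Dict, List, NamedTuple, Set

# Constructed log line format:
#   <timestamp> <CONNECT|DISCONNECT> cert=<fingerprint> src=<ip>
LINE_RE = re.compile(r"^(\S+)\s+(CONNECT|DISCONNECT)\s+cert=(\S+)\s+src=(\S+)$")

# Constructed sample: "SHA256:aaaa" is used from a second address while its
# first session is still open; "SHA256:bbbb" merely disconnects and reconnects.
SAMPLE_LOG = """\
2017-01-04T08:01:12Z CONNECT cert=SHA256:aaaa src=203.0.113.10
2017-01-04T08:30:00Z CONNECT cert=SHA256:bbbb src=198.51.100.7
2017-01-04T09:15:43Z CONNECT cert=SHA256:aaaa src=192.0.2.55
2017-01-04T09:40:00Z DISCONNECT cert=SHA256:bbbb src=198.51.100.7
2017-01-04T10:00:00Z CONNECT cert=SHA256:bbbb src=198.51.100.7
2017-01-04T17:00:00Z DISCONNECT cert=SHA256:aaaa src=203.0.113.10
"""


class Alert(NamedTuple):
    time: str
    cert: str
    existing_src: str
    new_src: str


def detect_shared_certs(log_text: str) -> List[Alert]:
    """Return one Alert per CONNECT that overlaps a live session of the same
    certificate from a different source address."""
    active: Dict[str, Set[str]] = {}  # cert fingerprint -> addresses with an open session
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, event, cert, src = m.groups()
        sessions = active.setdefault(cert, set())
        if event == "CONNECT":
            # A second live session from a *different* address is the breach
            # signal; a reconnect from the same address is normal client behaviour.
            for other in sorted(sessions - {src}):
                alerts.append(Alert(ts, cert, other, src))
            sessions.add(src)
        else:
            sessions.discard(src)
    return alerts


if __name__ == "__main__":
    for a in detect_shared_certs(SAMPLE_LOG):
        print(f"{a.time}: cert {a.cert} live from {a.existing_src}, now also from {a.new_src}")
```

On the constructed sample the detector produces exactly one alert, for `SHA256:aaaa`. In production the same logic would run against the gateway's real session records, and the alert would feed the revocation of that certificate rather than just a printout.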

Check Device and Server Software

Right after identity theft, malware is the next favorite cyber attack technique. Installing malware on user devices and Internet-accessible servers has become commonplace. There is now a robust international marketplace for zero-day attacks and server exploits.

Malware detection software has greatly improved in recent years, so there is no reason not to implement it. Code signing has been around for a while, but IT organizations don't like setting up the PKI services needed to generate and verify digital certificates. However, this is a critical control for any large organization.

Match Authorization to Role

The OPM cyber attackers utilized a non-active contractor account to gain access to the data center. Unfortunately, most organizations maintain non-active accounts for tax purposes even though those users no longer need access to the data center.

Make sure the authorization level matches the role of the user. If you need to keep identities active for tax or retirement purposes, consider migrating non-active accounts to externally hosted identity services and allowing them access only to partitioned services.
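The two checks in this section, grants that exceed the user's role and dormant accounts that still hold data-center access, are easy to audit mechanically. The following is an added example, not the article's code: the roles, the entitlement table, the resource names and the account records are all constructed assumptions. `audit` reports the two kinds of finding, and `remediated_grants` computes what an account should keep so that the identity can survive for tax purposes without retaining data-center access.

```python
"""Audit whether each account's grants match its role and whether dormant
accounts still reach data-center resources.

Added example, not the article's code. The roles, entitlement table, resource
names and account records below are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set, Tuple

# Constructed role -> entitlement table (what each role is supposed to hold)
ROLE_ENTITLEMENTS: Dict[str, Set[str]] = {
    "payroll-clerk": {"hr-payroll"},
    "dba": {"hr-payroll", "dc-db-admin"},
    "contractor-dev": {"dev-sandbox"},
}
# Constructed names of resources that live inside the data center
DATA_CENTER_RESOURCES: Set[str] = {"dc-db-admin", "dc-vpn", "dc-jumphost"}


@dataclass
class Account:
    user: str
    role: str
    active: bool        # HR status: False once the person has left
    last_login: date
    grants: Set[str]


Finding = Tuple[str, str, List[str]]  # (user, finding type, resources involved)


def _dormant(acct: Account, today: date, inactivity_days: int) -> bool:
    """An account is dormant if HR marked it inactive or it has not logged in recently."""
    return (not acct.active) or (today - acct.last_login).days > inactivity_days


def audit(accounts: List[Account], today: date, inactivity_days: int = 90) -> List[Finding]:
    """Report grants outside the role and data-center access held by dormant accounts."""
    findings: List[Finding] = []
    for acct in accounts:
        allowed = ROLE_ENTITLEMENTS.get(acct.role, set())
        excess = acct.grants - allowed
        if excess:
            findings.append((acct.user, "excess-grant", sorted(excess)))
        dc_access = acct.grants & DATA_CENTER_RESOURCES
        if _dormant(acct, today, inactivity_days) and dc_access:
            findings.append((acct.user, "dormant-dc-access", sorted(dc_access)))
    return findings


def remediated_grants(acct: Account, today: date, inactivity_days: int = 90) -> Set[str]:
    """Grants the account should keep: only what its role allows, and no
    data-center access once dormant (the identity itself may stay on the books)."""
    keep = acct.grants & ROLE_ENTITLEMENTS.get(acct.role, set())
    if _dormant(acct, today, inactivity_days):
        keep -= DATA_CENTER_RESOURCES
    return keep


# Constructed sample accounts; "jdoe" mirrors a departed contractor whose
# account still carries data-center access.
TODAY = date(2017, 1, 4)
SAMPLE_ACCOUNTS = [
    Account("alice", "payroll-clerk", True, date(2017, 1, 3), {"hr-payroll"}),
    Account("bob", "dba", True, date(2017, 1, 2), {"hr-payroll", "dc-db-admin"}),
    Account("jdoe", "contractor-dev", False, date(2016, 5, 20), {"dev-sandbox", "dc-vpn"}),
    Account("dave", "dba", True, date(2016, 6, 1), {"dc-db-admin"}),
]

if __name__ == "__main__":
    for user, kind, resources in audit(SAMPLE_ACCOUNTS, TODAY):
        print(f"{user}: {kind} {resources}")
```

Note that `dave` is still an active employee with the right role, yet is flagged: the data-center grant is correct for the role but has gone unused for months, which is exactly the kind of standing access an attacker with stolen credentials would reuse. The 90-day window is an assumption to tune per environment.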

Protect Data Encryption and Virtual Desktops

Many IT managers assume that by encrypting data or putting it behind a virtual desktop they are safe from theft. Unfortunately, most data encryption systems automatically decrypt data for authorized users. Additionally, virtual desktop solutions are vulnerable to the same server exploits and data center attacks as regular PCs.

To withstand a state-sponsored cyber attack, data encryption and virtual desktop solutions need the same protections against credential theft and lateral movement that Internet-accessible systems have. Implement access controls and network partitions to protect high-value data encryption and virtual desktop systems.

Partition Supply Chain Resources

Most Fortune 500 companies have outsourced some aspect of their mission-critical operations to a supply chain partner. Unfortunately, when partner personnel have all the same internal access as employees, traditional perimeter security systems are of little value. It gets even worse when one considers that most outsourcing companies outsource their own activities to other outsourcing companies.

Partition your data center so resources accessed by supply chain partners have no lateral access to sensitive data. One strategy that has been used successfully is to migrate partner apps to a public cloud and use a secure application-layer connection back to the data center. This way, if there is a breach, it is contained to the public cloud.
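Whether a partition actually removes lateral access is a reachability question, and it applies equally to the encryption and virtual desktop segments discussed in the previous section and to the partner resources discussed here. The following is an added example, not the article's code: it models a network policy as "which segment may initiate connections to which", then searches for any path from a partner-facing segment to a sensitive segment. The segment names and both policies are constructed assumptions: a flat policy where partners land on the corporate LAN, and a partitioned one where partner apps live in a public cloud and reach the data center only through an application-layer gateway.

```python
"""Check whether a partner-facing segment can reach sensitive data, directly or
through intermediate segments, under a given network policy.

Added example, not the article's code. Segment names and the two policies are
constructed assumptions.
"""
from collections import deque
from typing import Dict, List, Set

Policy = Dict[str, Set[str]]  # segment -> segments it may initiate connections to

# Constructed flat policy: the partner network lands on the corporate LAN
FLAT_POLICY: Policy = {
    "partner-net": {"corp-lan"},
    "corp-lan": {"db-servers", "vdi-pool", "kms"},
    "db-servers": set(),
    "vdi-pool": {"db-servers"},
    "kms": set(),
}

# Constructed partitioned policy: partner apps in a public cloud, reaching the
# data center only through an application-layer gateway to a partner API
PARTITIONED_POLICY: Policy = {
    "partner-cloud": {"app-gateway"},
    "app-gateway": {"partner-api"},
    "partner-api": set(),
    "corp-lan": {"db-servers", "vdi-pool", "kms"},
    "db-servers": set(),
    "vdi-pool": {"db-servers"},
    "kms": set(),
}

# Segments holding data, virtual desktops and the encryption key service
SENSITIVE: Set[str] = {"db-servers", "vdi-pool", "kms"}


def reachable_paths(policy: Policy, source: str) -> Dict[str, List[str]]:
    """Breadth-first search: shortest allowed path from source to each reachable segment."""
    paths: Dict[str, List[str]] = {source: [source]}
    queue = deque([source])
    while queue:
        seg = queue.popleft()
        for nxt in sorted(policy.get(seg, set())):
            if nxt not in paths:
                paths[nxt] = paths[seg] + [nxt]
                queue.append(nxt)
    return paths


def lateral_exposure(policy: Policy, source: str, sensitive: Set[str]) -> Dict[str, List[str]]:
    """Sensitive segments the source can reach, each with the path that gets there.
    An empty result means the partition holds for that source."""
    paths = reachable_paths(policy, source)
    return {seg: path for seg, path in paths.items() if seg in sensitive and seg != source}


if __name__ == "__main__":
    for name, policy, src in (("flat", FLAT_POLICY, "partner-net"),
                              ("partitioned", PARTITIONED_POLICY, "partner-cloud")):
        exposure = lateral_exposure(policy, src, SENSITIVE)
        print(name, "->", exposure or "no lateral path to sensitive segments")
```

Under the flat policy every sensitive segment is reachable in two hops through `corp-lan`, which is the "partner personnel have all the same internal access as employees" situation. Under the partitioned policy the partner cloud can reach only the gateway and the partner API, so a compromise there stays in the cloud. Feeding the real firewall or cloud security-group rules into the same `Policy` shape turns this into a regression check that runs whenever the rules change.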

We can't stop foreign governments from attacking the US, but we can stop the attacks from being successful! We now have enough data on their techniques to design counter-measures. We need to implement them.

Junaid Islam

Member at OODA
OODA is an organization of technology experts who have supported US national security missions.