Back

B2G

In a World of Nation-State Attacks, Cyber Resiliency Matters

Rutrell Yasin

In the digital age, cyber warfare is prevalent; learn how cyber resiliency can protect you and your network.

The massive network hack of multiple government agencies and Fortune 500 companies, known as the SolarWinds hack, is a clear example of how nation-state adversaries can exploit software vulnerabilities in the supply chain to  access a wide swath of networks. 

According to CrowdStrike Services’ 2020 Frontline Report, state-sponsored adversaries attacked organizations of all sizes last year, including those with 500 to 50,000+ endpoints across 10 industries. Because they employ sophisticated attack techniques while leaving a smaller footprint, nation-sponsored attackers dwell longer in networks than the average hacker. 

“While the average hacker spent two to three months in a network before discovery, the average state-sponsored threat actor/group spent nearly two years in a network prior to discovery,” according to the CrowdStrike Services team. The team responded to numerous state-sponsored intrusions throughout 2020. 

The hackers—alleged to be Russian—who injected malicious code into SolarWinds Orion software updates moved with stealth through SolarWinds customers’ networks for nine months before discovery. One of the biggest cyber espionage campaigns in recent history impacted 18,000 SolarWinds customers, according to the company’s SEC filing. 

What is Cyber Resilience and How Can It Help? 

So, what can be done? How can government agencies, companies, and educational institutions incorporate cyber resiliency into their information, network, and cyber security strategies? 

Cyber resiliency is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources,” according to the National Institute of Standards and Technology (NIST) publication Developing Cyber Resilient Systems: A Systems Security Engineering Approach. The publication can be used as a handbook for achieving the identified cyber resilience outcomes using a focus on system life cycle processes in conjunction with risk management processes. 

Chief Information Security Officers (CISOs) must focus on resilience to sustain operations in the face of attack, according to John Evans, Chief Technology Advisor, Public Sector, at World Wide Technology. Evans, the state of Maryland’s first CISO, thinks “resilience is making sure one has the right processes and systems in place to ensure we can recover in an acceptable timeframe and manner.” That means “making sure backups are in order and tested, and systems recover rapidly.” 

This requires a detailed, methodical approach, employing multiple layers of security to minimize damage and downtime at every level. “Persistent hackers will eventually find a way to get inside,” Evans said. ”The layers are intended to minimize what they can do once they hurdle a wall and enter your systems.“

Tools and Best Practices to Battle State-Sponsored Attackers 

CrowdStrike also recommends best practices for organizations to defend against nation state attackers that include: 

  • Establish strong IT hygiene with an asset inventory and consistent vulnerability management. 

  • Protect your cloud infrastructures and workloads. 

  • Establish a plan for a coordinated remediation event (CRE), which is a procedure to remove a threat actor from a network in one fell swoop. 

  • Develop a long-term relationship with law enforcement agencies. 

Meanwhile, NIST released Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171, which offers a set of tools designed to counter the efforts of state-sponsored hackers. 

The fact is, cyberwarfare is happening all around us with weapons we can’t see. As Ron Ross, a computer scientist and a NIST fellow, said: “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.” 

CISOs across government and industry need damage limiting system architectures and more cyber resilient systems that give them the confidence to continue operations as their organizations face all types of cyber threats.

Yes& is providing proactive public relations, content development, social media, and thought leadership to organizations  at the forefront of cyber defense and protection. Visit our website to learn more about how Yes& supports organizations with these content marketing efforts.

Yes& is the Washington, DC-based marketing agency that brings commercial, association, and government clients the unlimited power of “&” – using a full suite of branding, digital, event, marketing, public relations, and creative capabilities to deliver meaningful and measurable results.

Let’s talk about what the power of "&" can do for you.

Rutrell Yasin
Rutrell Yasin
Writer/Strategist

More Insights

You might also like these articles. Sign up for our monthly newsletter for updates, insights and general tomfoolery.

SUBSCRIBE

B2G Associations Non Profit Culture Government

Robert W. Sprague

A new way of working demands a new vocabulary. As marvelous as Zoom and other videoconferencing platforms are, a surfeit of technical glitches and user errors accompanies the typical call. The author modestly proposes the following terms to describe our common experience—and common misery.

Marketing & PR B2G Associations Healthcare Non Profit

Mel Echenique

Women’s History Month is the time of year when we look back on the whole of history and tell the stories of women who shattered the glass ceiling. Names like Cleopatra, Joan of Arc, Rosa Parks, Clara Barton, Ruth Bader Ginsburg, and Princess Diana come to mind. These were women in the public eye. They are very much giants in history. However, it is important to note that glass is easier to shatter when it is already cracked.

B2G Associations Non Profit Culture Government

Carmel McDonagh

To say that the COVID-19 pandemic has disrupted life and wreaked havoc across the world is an understatement. Millions of Americans have lost their jobs, and more than 500,000 have lost their lives, to this deadly virus; while virtual offices and classrooms, masks, and social distancing are the new normal.

Yes& News Video Creative B2G

Yes&

Yes& demonstrates how trusting client partnerships lead to elevated storytelling, increased visibility, and award-winning visuals.