In the digital age, cyber warfare is prevalent; learn how cyber resiliency can protect you and your network.
The massive network hack of multiple government agencies and Fortune 500 companies, known as the SolarWinds hack, is a clear example of how nation-state adversaries can exploit software vulnerabilities in the supply chain to access a wide swath of networks.
According to CrowdStrike Services’ 2020 Frontline Report, state-sponsored adversaries attacked organizations of all sizes last year, including those with 500 to 50,000+ endpoints across 10 industries. Because they employ sophisticated attack techniques while leaving a smaller footprint, nation-sponsored attackers dwell longer in networks than the average hacker.
“While the average hacker spent two to three months in a network before discovery, the average state-sponsored threat actor/group spent nearly two years in a network prior to discovery,” according to the CrowdStrike Services team. The team responded to numerous state-sponsored intrusions throughout 2020.
The hackers—alleged to be Russian—who injected malicious code into SolarWinds Orion software updates moved with stealth through SolarWinds customers’ networks for nine months before discovery. One of the biggest cyber espionage campaigns in recent history impacted 18,000 SolarWinds customers, according to the company’s SEC filing.
What is Cyber Resilience and How Can It Help?
So, what can be done? How can government agencies, companies, and educational institutions incorporate cyber resiliency into their information, network, and cyber security strategies?
Cyber resiliency is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources,” according to the National Institute of Standards and Technology (NIST) publication Developing Cyber Resilient Systems: A Systems Security Engineering Approach. The publication can be used as a handbook for achieving the identified cyber resilience outcomes by focusing on system life cycle processes in conjunction with risk management processes.
Chief Information Security Officers (CISOs) must focus on resilience to sustain operations in the face of attack, according to John Evans, Chief Technology Advisor, Public Sector, at World Wide Technology. Evans, the state of Maryland’s first CISO, thinks “resilience is making sure one has the right processes and systems in place to ensure we can recover in an acceptable timeframe and manner.” That means “making sure backups are in order and tested, and systems recover rapidly.”
This requires a detailed, methodical approach, employing multiple layers of security to minimize damage and downtime at every level. “Persistent hackers will eventually find a way to get inside,” Evans said. “The layers are intended to minimize what they can do once they hurdle a wall and enter your systems.”
Tools and Best Practices to Battle State-Sponsored Attackers
CrowdStrike also recommends best practices that organizations can use to defend against nation-state attackers, including:
Establish strong IT hygiene with an asset inventory and consistent vulnerability management.
Protect your cloud infrastructures and workloads.
Establish a plan for a coordinated remediation event (CRE), which is a procedure to remove a threat actor from a network in one fell swoop.
Develop a long-term relationship with law enforcement agencies.
Meanwhile, NIST released Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171, which offers a set of tools designed to counter the efforts of state-sponsored hackers.
The fact is, cyberwarfare is happening all around us with weapons we can’t see. As Ron Ross, a computer scientist and a NIST fellow, said: “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.”
CISOs across government and industry need damage-limiting system architectures and more cyber-resilient systems that give them the confidence to continue operations as their organizations face all types of cyber threats.
Yes& is providing proactive public relations, content development, social media, and thought leadership to organizations at the forefront of cyber defense and protection.