European and US businesses in the crosshairs of nation state cyber espionage
Corporations used to think that their main threat was cyber criminals, but recent events have changed this notion. According to a new report by Trend Micro, European and U.S. businesses now see cyber espionage as the biggest threat to their security. The research, which surveyed 2,402 enterprise IT decision makers across Europe and the U.S., shows cyber espionage topping the list of the largest security concerns for 2017, followed by targeted attacks (17 percent) and phishing (16 percent).
The report says that organizations in the West are under “increasing pressure” from groups looking to get their hands on sensitive data:
“As more of our critical data is being moved online, nation states are now targeting businesses to obtain this data and businesses are struggling to keep up….”
The reasons for this new focus are obvious: high-profile hacks associated with nation states are in the news almost every day.
The most heavily publicized incident has been the 2013 Yahoo! hack, now believed to be the work of Russian intelligence.
What does this mean?
The threat landscape has changed significantly, so it is crucial that organizations take a very critical look at their existing security apparatus. Defenses built to keep cyber criminals and hacktivists from stealing money and disrupting business are clearly no match for sophisticated offensive cyber operations. Such adversaries, equipped with the latest cyber-attack tools, can easily bypass traditional security solutions that focus on the perimeter, network and endpoint and rely on signatures and behavior for detection. For instance, Microsoft’s Malware Protection Center has identified a new wave of NSIS (Nullsoft Scriptable Install System) installers that seek to evade detection by burying the malware deeper in the installer code.
While Microsoft security products can now presumably detect this new malware, countless other cyber attacks sneak past corporate security systems every day. Once inside a corporate network, the attackers perform reconnaissance, gain a foothold, move laterally through the network, obtain the data they seek and exfiltrate it. All this time, the organization’s security team is idle, believing that their firewall, sandbox and endpoint tools would have detected any malicious activity. By the time enough evidence accumulates to raise an alert, the attackers have completed their operation (the average dwell time before breach detection is 79.5 days).
What to do next?
Since it’s obvious that traditional security systems can’t cope with the arsenals of state-sponsored hackers, a new breed of cybersecurity solutions must be deployed immediately. These solutions are designed around the notion that prevention is not possible, and instead focus on early detection and mitigation. Rather than trying to identify threats by their signature or behavior, today’s solutions must take a wider look at the entire network, and use AI and machine learning capable of detecting very complex, multi-faceted attacks. Once identified, these threats can be contained and dealt with in the traditional manner.
A grim forecast
Sadly, this is just the beginning. As we’ve witnessed many times in cyber security, tactics and tools tend to slip from the hands of the superpowers into those of lesser players. Very recently, a huge leak revealed to the world the cyber arsenal used by the CIA, and now anyone can try to use these tools for their own criminal ends.
Once cyber criminals gain these advanced capabilities, they too will use them against the corporate world — but for a different motivation (money instead of data). Organizations that do not act today will face much bigger challenges in the future.