Andrew Bushby, UK Director at Fidelis Cybersecurity
The topic of state-sponsored cybercriminals is nothing new, but recent events in Salisbury have escalated the threat, causing the UK’s National Cyber Security Centre (NCSC), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) to issue a warning about the threat to our critical national infrastructure.
The UK’s critical national infrastructure has been on high alert for cyber-attacks for many years now. Cybercriminals know the chaos that can ensue from a successful attack, the lasting financial and stability impact and the potential payload from ongoing espionage activities. As such, it is worrying when reports are published on hospitals and other NHS organisations failing cybersecurity tests, as we all witnessed the damage that can be caused by fast-moving malware when WannaCry spread last summer. With the threat of cyber warfare at an all-time high, those charged with protecting critical services cannot be complacent. In fact, this goes for any business, which may feel the fallout of an attack on critical infrastructure, or be unexpectedly impacted.
It would be easy for ordinary businesses that do not provide critical services to assume that the current elevated threat from nation states will not affect them, but they are sadly mistaken. Organisations of all sizes store and process highly valuable, highly sensitive data assets that threat actors – state-sponsored or not – would want to get their hands on. To defend those assets, organisations need to assess their defences, look to deception technologies to play sophisticated attackers at their own game and improve their overall security position. This will go some way towards stopping them from becoming collateral damage in a cyber-attack on critical infrastructure.
As well as critical services, threat actors will often target those supporting them – including ISPs and other private organisations, which can often be overlooked. While government organisations will likely have the resources, capital and know-how to proactively monitor and defend their networks, peripheral and smaller enterprises may not. However, vigilance must be widespread – irrespective of size and industry. Rather than bundling cybersecurity under the broad umbrella and function of IT, organisations everywhere need to make it an independent, core function that protects the entire business.
Avoid being collateral damage
Automating detection and response capabilities will be critical as international tensions continue to rise. All enterprises need to have broad and deep visibility across networks, endpoints and clouds, in real time and retrospectively. With automated detection and response, security teams will be able to automatically correlate, triangulate and validate whether threats that traversed the network impacted the endpoints, and automatically highlight and prioritise those that did. By giving security analysts the information, context and tools they need to investigate, contain and remediate attacks, organisations can protect assets from falling into the wrong hands.
Cybersecurity defences shouldn’t stop there. It is also essential that organisations have a post-breach strategy in place that helps them to dramatically reduce attacker dwell time. It is not surprising that traditional detection tools are becoming increasingly futile, not least because they either generate too many false positives or fail to detect attacks in real time. Deception is a security strategy that uses decoys, false trails and fake credentials that look, act and feel real to attackers. Essentially, companies can turn the tables on attackers by luring them into their decoys, thus providing the early warning required to start the investigation and response before the threat turns into real damage.