How to Defend Against Nation-State Attackers

While many enterprises are enhancing traditional security strategies with increasingly proactive measures, there is still a widespread misconception among security professionals that nation-state attacks are impossible to anticipate and effectively defend against. The belief is that using commercially available and open source threat intelligence to conduct active reconnaissance on hackers, and to identify threat actors through their activities, is effective only against common cyber criminals.

Organizations take preemptive steps to mitigate risks and minimize the damage from common cyber criminal attackers by identifying these threats early in their development phase. It is a common misconception that nation-state attackers cannot be found using conventional means due to their state-enabled cloak of privacy, including private networks and closed telecommunications systems. However, OSINT can be used to detect nation-state attackers and mitigate the risks their attacks pose.

Deterring and preventing both common and nation-state sponsored cyber attacks can be achieved through readily available threat intelligence as a foundation of an effective security program. The four steps to a strong foundational program are:

  1. Present a less attractive target
  2. Think like your attacker
  3. Monitor the clear, deep and Dark Web
  4. Identify attackers’ weapons at the surface

In this blog post we cover the first step, "Present a less attractive target". Check out the rest of this four-part series, or download the comprehensive free whitepaper, Piercing the Cloak of Secrecy.

#1: Present a Less Attractive Target

When defending against nation-state attackers, it is important to remember that, like the rest of us, they are affected by human psychology. Typically, attackers are funded by the state and work in hierarchical organizations such as intelligence agencies and the military. They report to superiors such as commanding officers, group leaders, and managers, and just like subordinates everywhere, they want to produce pleasing results. Check out this example from our newest whitepaper, Piercing the Cloak of Secrecy:

"If the goal is to disrupt telecommunications, they may start by conducting reconnaissance on the top two carriers. With the larger carrier, the attacker finds very tight security, but looking at the next carrier, he discovers a vulnerability. The attacker sees an opportunity for success, a chance to generate results that will impress the boss, so he pursues the second company rather than the first. That is why it is critical for enterprises and organizations of any kind to understand how they look from a cybersecurity perspective in comparison to their competitors."

Gaining a comparative view requires benchmarking, which enables a company to measure how its security programs are performing against larger goals. Benchmarking also provides a framework for gauging how strong a company's security posture is relative to its competitors.

Organizations of all varieties are using OSINT resources (intelligence gathered from the clear, deep and Dark Web combined with other techniques) to protect themselves against nation-state attacks. By understanding what motivates nation-state threat actors, how they operate, and how they differ from common cybercriminals, security professionals put their organizations in a much stronger position to defend against these attacks. To learn more about how to leverage OSINT resources to develop organizational protection, check out our whitepaper, Piercing the Cloak of Secrecy.
