State-sponsored cybercrime is an urgent concern in the current global situation. Cyber threats and attacks continue to become more sophisticated and consequential. How can you best protect your business’s digital assets? In this article, we share some perspectives on current security threats, including state-sponsored risks, and ways to mitigate them.
Critical infrastructures as prime targets
The Russian invasion of Ukraine has heightened concerns about the threat potential of state-sponsored cybercrime. The Sikich cybersecurity team often hears from clients and members of the technology community who are worried that cyber attacks from Russia or other countries could elevate the risk to their data and systems. They want to know if they should consider additional security and which specific, immediate measures we would recommend.
Cyber attacks facilitated or supported by various governments have been on the rise for years. In October 2021—long before the current war—Microsoft reported that Russia’s share of state-sponsored hacking amounted to 58 percent of this activity worldwide. In our security practice and research, we have observed a substantial increase in critical infrastructures being targeted. Government agencies, manufacturing companies, and professional and financial services firms are just some of the types of organizations whose potential vulnerabilities are attracting the attention of criminals.
Sustained, sophisticated, multilayered attack tactics
We also see that hackers and cybercriminals are continuing to develop their skills and showing great tenacity and perseverance in finding their way into governmental and corporate systems. They may take years in a low-intensity approach below the radar of many detection and protection mechanisms, keeping tabs on network traffic, scrutinizing data repositories, identifying valuable digital assets, and learning about key individuals. Once they have a perch within an organization’s network, they may carry on their activities there or take a lateral step to explore the infrastructures and networks of trading partners or customers they find interesting. These advanced persistent threats (APT) are a favorite tactic of well-resourced hacking groups, such as those supported by governments.
As long as skilled hackers find access into a digitally powered system, they can use it as a beachhead for further exploration. Not infrequently, software-driven point-of-sale, air conditioning, or access control systems offer vulnerabilities that a hacker might exploit to eventually penetrate servers or storage arrays. Organizations’ security risks become potentially more damaging as intruders also delve into technology layers that they may not have approached in the past, such as firmware or operating systems.
Finally, the Sikich security team also finds that the targets for digital malfeasance are more diverse than ever. Enterprises, small and midsize companies, nonprofits, public sector entities—practically no organization can enjoy any kind of safe harbor from digital crime.
Moving towards comprehensive lifecycle risk management
Given these business conditions and the increased awareness of cybercrime and hacking as tools employed by hostile states, organizations might want to review their cybersecurity policies and protection protocols. Sikich consultants are not necessarily recommending specific security measures because of the current political situation and the dangers of state-sponsored hacking. We broadly assume that all companies are at risk, if not from state actors, then from hackers looking for financial gain or valuable intellectual property, or aiming to disrupt operations for any variety of reasons.
When we work with clients, we help them address acute vulnerabilities and security shortcomings first, especially if they have already suffered any kind of data or financial loss. For example, we help them ensure that staff know about phishing risks, software is patched and current, firewalls are in place, and antivirus and antimalware tools are monitoring their systems.
Once those initial urgencies have been addressed, we approach an organization’s cybersecurity in the context of its goals and industry-specific security challenges. Through thorough risk assessments, supported by risk modeling and defining an individualized risk profile, we help stakeholders understand their risk posture and create a comprehensive, uncompromising security strategy that ranges across their business processes. That strategy, in turn, can become the foundation for managing cybersecurity according to an organizational lifecycle risk management strategy which can serve and evolve with your organization as long as it exists.
Complementary approach for achieving security and compliance
Many breaches still take place within one of the layers of the OSI model, and we address all seven layers when we collaborate with clients to plan and implement their cybersecurity. However, as technologies evolve in the cloud, we consider vulnerabilities and risks outside of the OSI model’s layers. Supply chain security is also top-of-mind for many businesses, especially as supply chain constraints continue to delay product deliveries.
If you’re concerned about the risk exposure in any area of your operations, Sikich may well start by performing a risk assessment that can inform a comprehensive risk management program. As we develop your data protection strategy, we keep compliance mandates and quality management requirements in mind. For each client, Sikich consultants aim to find the best possible alignment of security, compliance, and organizational productivity. Our security and compliance teams are also expert at helping companies implement the controls and data protection measures to achieve Cybersecurity Maturity Model Certification (CMMC) compliance, for example, when they conduct business with the Department of Defense or want to achieve ISO 9000 certification. CMMC can greatly advance the security of data, processes, and systems in your supply chain.
Here to help
From cybersecurity services to our Security Operations Center and the participation of a virtual chief information security officer (vCISO) on your team, Sikich is ready to help you understand and mitigate current and emerging threats. Here are some good next steps:
- To understand current security risks posed by state-sponsored and other cybercriminals against U.S. organizations, visit Shields Up by the Cybersecurity & Infrastructure Security Agency (CISA). CISA explains cyber threats by Russian entities and provides advisories.
- The Sikich cybersecurity pages describe our services and help you find informative articles and videos.
- Get in touch with us.