As tensions rise over Russia’s invasion of Ukraine, there is increasing concern that U.S. companies and critical infrastructure could be targeted as the cyber component of the broader nation-state conflict. Additionally, President Biden’s sanctions on Russia have national security experts warning of retaliatory cyberattacks. This is a realistic concern, as many of the largest cyberattacks on U.S. infrastructure (e.g., SolarWinds) have been linked to Russian hackers.
These warnings from the U.S. government add to a long list of nation-state cyberattack concerns. In recent weeks, Ukraine has been subjected to numerous cyberattacks against its government and financial institutions. A wider warning from both the U.S. and U.K. governments alleges that the attacks on Ukraine originated with the Russian military agency, the Glavnoye Razvedyvatelnoye Upravlenie (GRU).
Nation-state attackers use techniques similar to those of other cybercriminals; the difference is that these threat actors work on behalf of a nation-state. They are traditionally better funded and less concerned about retribution, as their own countries are unlikely to arrest and prosecute them. Most nation-state attacks are directed toward critical infrastructure (e.g., energy, manufacturing, water systems). Manufacturers and other industries known to hold important trade secrets are also highly sought targets.
Motivations behind nation-state attacks vary but are traditionally influenced by:
- Extorting ransoms
- Stealing classified information
- Seeking financial advantages
- Exacting retaliation
- Election interference
- Negotiating leverage
- Conflict preparation
Nation-state Attacks by Industry
While Advisen data identifies the public administration sector as receiving the highest frequency of nation-state attacks (34%), these attacks are becoming more common within the private sector. Recent research found that 35% of all nation-state attacks target enterprises in an attempt to gain international competitive advantages through intellectual property theft.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive to businesses and organizations to help them avoid, and successfully respond to, a nation-state digital attack. The agency recommends:
Reduce Cyber Intrusions
- All remote network access must require multi-factor authentication (MFA).
- Ensure your software is up to date.
- Disable all unessential ports and protocols.
- Verify strong controls on all cloud services.
- Reiterate to cybersecurity/IT personnel the importance of quickly identifying and assessing any unexpected or unusual network behavior.
- Protect your network with antivirus/antimalware software.
- Increase precautions to monitor, inspect and isolate traffic if your organization is tied to Ukraine.
- Establish a crisis-response team to respond to suspected cybersecurity incidents. Communicate roles and responsibilities across the organization, including technology, legal and business continuity.
- Ensure key personnel are available.
- Conduct a tabletop exercise for team members to identify their incident-specific roles.
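The “disable all unessential ports and protocols” item is easier to act on when you can see, host by host, what is actually listening that you never sanctioned. The following is an added example, not code from the article or from CISA: it parses output in the layout of `ss -tuln` and compares every listening socket with an allowlist of expected (protocol, port) pairs. The sample output, the fictional host it describes and the allowlist of SSH, HTTPS and NTP are constructed assumptions for the example.

```python
"""Listening-socket audit against an allowlist of expected ports and protocols.

Added example (not from the article or from CISA): compares the sockets a host
is listening on with the services it is supposed to expose, so everything else
can be reviewed and disabled. The input is constructed sample output in the
layout of `ss -tuln`; the allowlist and the host are assumptions.
"""
from dataclasses import dataclass

# Constructed sample of `ss -tuln` output for a fictional host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:3389        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*
"""

# Assumed allowlist: SSH, HTTPS and NTP are the only sanctioned services on this host.
ALLOWED = {("tcp", 22), ("tcp", 443), ("udp", 123)}


@dataclass(frozen=True)
class Finding:
    proto: str
    port: int
    local_addr: str
    exposure: str  # "external" (reachable from the network) or "loopback"


def parse_ss(text):
    """Yield (proto, local_addr, port) for every socket line in ss -tuln output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or something that is not a socket entry
        addr, _, port = fields[4].rpartition(":")  # split on the last colon so IPv6 works
        yield fields[0], addr.strip("[]"), int(port)


def audit(text, allowed=ALLOWED):
    """Return the listening sockets that are not on the allowlist."""
    findings = []
    for proto, addr, port in parse_ss(text):
        if (proto, port) in allowed:
            continue
        exposure = "loopback" if addr.startswith(("127.", "::1")) else "external"
        findings.append(Finding(proto, port, addr, exposure))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        print(f"{f.proto}/{f.port} on {f.local_addr} ({f.exposure}) is not on the allowlist")
```

Services bound only to loopback are still reported, because a listening process is still something to justify, but the exposure field lets you triage the externally reachable ones first. Feeding real `ss -tuln` output from each host, and diffing the findings across hosts, gives a concrete list of what to disable.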
Cyber Incident Resilience
- Evaluate your backup procedures to ensure critical data can be restored quickly from a ransomware or destructive cyberattack.
- Conduct a manual control test, if utilizing industrial control systems or operational technology, to ensure that critical functions will remain operable if the organization’s network is unavailable or untrusted.
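Evaluating backup procedures means more than confirming that a backup job ran: the test is whether the data comes back intact and within the time the business can tolerate. The following is an added example, not code from the article or from CISA. It records a SHA-256 manifest of a small constructed data set, archives it, restores the archive into a scratch directory and checks every file against the manifest while timing the restore; a second archive, altered after the manifest was taken, shows the drill catching a backup that would not restore correctly. The data, paths and the recovery-time objective are assumptions for the example.

```python
"""Restore drill: prove a backup restores intact and within the recovery-time objective.

Added example (not from the article or from CISA). Builds a constructed data
set, records a SHA-256 manifest, archives it, restores the archive into a
scratch directory and verifies it against the manifest while timing the
restore. The data, paths and RTO value are assumptions for the example.
"""
import hashlib
import tarfile
import tempfile
import time
from dataclasses import dataclass, field
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_manifest(root: Path) -> dict:
    """Map each file under root (path relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def archive(root: Path, dest: Path) -> None:
    """Write root into a gzip-compressed tar archive at dest."""
    with tarfile.open(dest, "w:gz") as tar:
        tar.add(root, arcname=".")


@dataclass
class DrillResult:
    restored_ok: bool          # every manifest entry present with the expected digest
    within_rto: bool           # restore finished inside the recovery-time objective
    elapsed_seconds: float
    missing: list = field(default_factory=list)
    corrupted: list = field(default_factory=list)


def restore_drill(backup: Path, manifest: dict, rto_seconds: float) -> DrillResult:
    """Restore backup into a fresh scratch directory and verify it against manifest."""
    start = time.perf_counter()
    with tempfile.TemporaryDirectory() as scratch:
        target = Path(scratch)
        with tarfile.open(backup, "r:gz") as tar:
            # Use the 'data' extraction filter (refuses path traversal) where the running
            # Python provides it; older versions fall back to plain extraction.
            opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(target, **opts)
        restored = make_manifest(target)
    elapsed = time.perf_counter() - start
    missing = [name for name in manifest if name not in restored]
    corrupted = [name for name in manifest
                 if name in restored and restored[name] != manifest[name]]
    ok = not missing and not corrupted
    return DrillResult(ok, elapsed <= rto_seconds, elapsed, missing, corrupted)


def run_demo(rto_seconds: float = 5.0):
    """Run the drill against a good backup and against one altered after the manifest."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        data = work / "critical_data"          # constructed sample data set
        (data / "db").mkdir(parents=True)
        (data / "db" / "orders.csv").write_text("id,amount\n1,10.00\n2,25.50\n")
        (data / "config.yaml").write_text("service: billing\nreplicas: 2\n")
        manifest = make_manifest(data)

        good_backup = work / "good.tar.gz"
        archive(data, good_backup)
        good = restore_drill(good_backup, manifest, rto_seconds)

        # Simulate silent corruption: a file changes between manifest time and archiving.
        (data / "db" / "orders.csv").write_text("id,amount\n1,10.00\n")
        bad_backup = work / "bad.tar.gz"
        archive(data, bad_backup)
        bad = restore_drill(bad_backup, manifest, rto_seconds)
    return good, bad


if __name__ == "__main__":
    for label, result in zip(("good backup", "altered backup"), run_demo()):
        print(f"{label}: restored_ok={result.restored_ok} within_rto={result.within_rto} "
              f"elapsed={result.elapsed_seconds:.3f}s corrupted={result.corrupted}")
```

The manifest is recorded at backup time and kept separately from the archive, so a backup that was tampered with or silently corrupted afterwards fails the drill even though it extracts without error. Against real data, run the drill on a schedule and on a host that is not the one the backup came from, and compare `elapsed_seconds` with the recovery-time objective agreed with the business rather than with an arbitrary value.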
CISA urges all senior leaders (e.g., CEOs, boards of directors) to take the following steps:
Chief Information Security Officer (CISO)
Security and risk prevention are more important than ever. You must trust the expertise of your CISO in light of the current heightened threat environment. Ensure they’re involved in all cyber risk conversations and decisions. Rely on their expertise to communicate your company’s priority of security and risk prevention organization-wide.
If your organization has not already done so, create and communicate policies for reporting potential cyber incidents. During times of increased threat, lower the reporting thresholds and encourage employees to report suspected malicious cyber activity. This will not only help identify issues quickly but also help protect against additional attacks and victims.
Ensure your investment in security and recovery is targeted toward the systems essential to your business’s critical functions. Conduct regular continuity tests to verify that those critical functions would remain unaffected by a cyber intrusion.
Businesses should be ready for a worst-case scenario regardless of the level of global threat. You should be prepared to take the steps necessary to protect your company’s assets should a nation-state intrusion occur.
We’re Here to Help
As nation-state cyberattacks increase, it is critical you take every step possible to protect your organization. While the cyber conditions are continually uncertain, staying prepared and educated can have a significant impact on your company’s ability to survive and recover. If you have questions about your cyber coverage or would like additional risk mitigation cyber strategies, connect with a member of our team.