The threat from state-sponsored criminal cyber activity has grown rapidly in recent years. Companies of all sizes are targeted, so how can you protect yours?
Historically, cyber espionage was mostly a commercial activity. Just a decade or so ago, the worst offenders were Chinese firms seeking to steal the intellectual property (IP) of western businesses and, in particular, US and European technology firms.
This profile has changed in recent years, especially since the war in Ukraine and the associated uptick in disruptive cyber warfare by and on behalf of the Russian state.
Cybercrime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Cybercrime costs the UK billions of pounds, causes untold damage, and threatens national security.
In recent years, government and public sector bodies have come under increasing attack from state-sponsored cyber activity. Other key targets of this kind of cyber espionage include financial services, national infrastructure, private defence contractors and third-sector organisations – especially those with public sector contracts and/or international reach.
Cybercrime is a global threat. All companies and national infrastructure are targets because of the disruption that can be caused when these services are compromised.
Supply chain partners of targets are also subject to attack. They may offer easier routes into the target organisations through shared systems, by serving as a launchpad for phishing attempts, or by other means. That’s one of the reasons why the National Cyber Security Centre has issued fresh guidance about supply chain security.
As we’ve seen from the recent Lace Tempest attack, which exploited vulnerabilities in the MOVEit app used by Zellis payroll customers, all supply chain partners, including technology partners, need to be managed through effective supply chain cyber security management practices.
The purpose and attack vector differ from attack to attack. Ransomware is common, as is data exfiltration (as we saw with Lace Tempest). Many of the attacks targeted at Ukraine have simply sought to create disruption, with European and US organisations caught up in the attacks.
The UK’s National Cyber Security Centre (NCSC) lists Russia as the biggest aggressor in this type of malicious cyber activity. The GRU (military intelligence), the SVR (Foreign Intelligence Service) and the FSB (Federal Security Service) have all been linked to cyberattacks.
The NCSC also lists China, Iran and North Korea as states responsible for cyber espionage and cyber warfare in recent years.
It warns that the UK is exposed to a wide variety of cybercrime threats – from those that have the potential to be national security threats, such as ransomware, to commodity cybercrime campaigns (attacks that use readily available tools that require little or no customisation) which seek to defraud the UK public and businesses. Cyber criminals also frequently deploy commodity attacks, such as phishing or malware, with the aim of scamming the public and businesses.
Firstly, we recommend getting your business Cyber Essentials certified. Cyber Essentials gives you the perfect foundation from which to build cyber security into your organisation.
Importantly, if you fall victim to an attack in which money is being requested, e.g. a ransomware attack, never pay the criminal groups. Doing so will put you under repeated attack. It’s unlikely to secure your data or return your systems to use.
Use a defence in depth strategy with a zero-trust approach. You need the right cyber security systems in place to ensure that all devices have the best possible protection. At a minimum, we recommend implementing a mobile device management solution, an email security solution and an endpoint detection and response solution for regular auditing. Put measures in place so that you are able to detect suspicious activity and understand when systems have been compromised, so you can act swiftly to limit contagion. You will also need to be prepared to deal with a potential incident, including by taking good backups that are stored separately from your other operations.
We should all be worried that our organisations are a potential target for cyber espionage or malicious state-sponsored activities – because we all are. We need to act on the basis of “when, not if”. For that reason, it’s a good idea to work with a trusted partner that will work with you to harden your defences.
If you’d like to discuss your organisation’s vulnerabilities, how to secure the “valuables” you possess that might make you a prime target for cybercrime, or how to strengthen your organisation’s cyber security posture more generally, please get in touch with our team. We can help.
Call us: 0808 164 4142
Message us: https://www.grantmcgregor.co.uk/contact-us