According to Forrester Research, the growing global wave of cyber threats emanating from nation states should be a wake-up call for private sector security leaders across industries to prepare for more frequent and brazen attacks in the future. coming.
To help businesses prepare for the changing landscape of nation-state attacks, Forrester on March 2 unveiled a new model to defend against and prepare for the expected regulatory onslaught ahead.
Forrester senior analyst and lead author of the report, Allie Mellen, pointed out that 40% of reported cyber operations by country target the private sector. State-sponsored attacks have increased by almost 100% between 2019 and 2022, and their nature has changed – more are carried out for data destruction, denial of service and financial theft than in previous years.
The Forrester model is built in three stages.
First, understand how nation states attack organizations. A good starting point is the nation-state escalation scale available in the model.
“It’s a sound approach,” said Erich Kron, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Florida.
“In the end, for the victim, does it really matter which actor is responsible for an attack that steals money or sensitive information? He asked.
“Focusing on how these attacks are carried out, especially as cybercrime groups continue to mature, is far more important for most organizations than worrying about the source,” Kron told TechNewsWorld.
“Being aware that you may be a target is important, however, and planning should be part of threat models,” he added.
Threat modeling
Second, build threat models based on organization- and nation-state-specific threats.
“Threat models for geopolitical actors are living references of who, what, where, when, why, and how nation-state attackers are targeting your organization,” the report notes. “They help predict future attacker activity, close visibility and detection gaps, plan future market movements, and provide a tangible reference for executive discussions.”
“Appropriate threat modeling is absolutely important when dealing with nation-state actors,” said Alexis Dorais-Joncas, senior director of threat research at Proofpoint, a security firm in Washington. company in Sunnyvale, California.
“An organization that wants to strengthen its defense must determine which of hundreds of state-sponsored actors to target. Then it must prioritize countermeasures to those threats,” Dorais-Joncas told TechNewsWorld.
The third step is to get involved to influence the narrative around cybersecurity. To do this, security managers need to know which government jurisdictions have security requirements for their company; manage their relationship with the government through vehicles such as information sharing; prepare in advance for geopolitical events; and influencing legislative proposals before they become regulations.
The report also recommends teaming up with other players in an industry to gain muscle in the legislative process and keep council members informed about what is being faced with threats from nation states before they come. ask questions about the situation.
Strong foundation needed
“I think the Forrester approach is going in the right direction,” observed James Lively, endpoint security research specialist at Tanium, an endpoint management provider in Kirkland, Washington.
He added, however, that for the model to be effective, it must be built on an already solid foundation. “If your company is having trouble maintaining a compliance or patch effectiveness program, most models are already rendered ineffective,” Lively told TechNewsWorld.
Morgan Demboski, a cyber threat intelligence analyst at IronNet, a network security firm in McLean, Va., called Forrester’s model a “smart approach” to dealing with the nation-state problem.
“Having a strategic and informed approach when defending against attacks from nation states is essential,” Demboski told TechNewsWorld.
“Cyber activity and the strategic objectives of nation-state threat actors continue to show the interrelation between geopolitical landscapes and cyber threats, highlighting the importance of tracking government actions and international relations to assess their potential implications in the cyber domain. “, she continued.
“Preparing for an organization-specific activity is important because the threats faced by different businesses are multifaceted and differ by industry and region,” she added.
Attacks don’t go away
Robert Hughes, chief information security officer at RSA, a cybersecurity firm in Bedford, Mass., noted that the Forrester model appears to be very conservative advice.
“It’s about knowing the level of risk your business faces,” Hughes told TechNewsWorld. “While on some level it’s like trying to protect your home from a missile attack, there is a solid framework to start thinking about the questions and talking points you should be aware of as a business. to consider your risks and begin to address them using a multi-pronged strategy.
“Attacks on nation states are not going away,” he continued. “They are increasing in volume and capacity, and we should expect to see more, not less, in the next two years.”
ADVERTISEMENT
While the Forrester approach is sound, it’s nothing new, said Mike Parkin, senior technical engineer at Vulcan Cyber, a SaaS provider for enterprise cyber risk remediation in Tel Aviv, Israel.
“These are pretty much the same ideas that the cybersecurity community and businesses in general have been advocating for years, with heightened awareness among state-level threat actors,” Parkin told TechNewsWorld.
“It reinforces those ideas, though, and that’s a good thing,” he added.
Unnecessary distraction
While agreeing that organizations must protect themselves against all attacks and know how and to whom reports of attacks should be submitted, the scope of nation-state threats can be overwhelming, observed Todd Carroll, senior vice president of cyber operations at CybelAngel, a threat intelligence firm in Paris.
“You’ll be going around in circles trying to think of every nation state and every organized team and method of attack out there,” Carroll told TechNewsWorld. “China alone has dozens of state-sponsored teams attacking vertical markets through different methods and for various reasons.”
“You don’t have time to figure out ‘why’, but you need to focus your limited resources on protecting access, knowing your attack surface, and tracking your critical data,” he said. -he declares.
Claude Mandy, chief data security evangelist at Symmetry Systems in San Francisco, a provider of hybrid cloud data security solutions, was skeptical of the Forrester model, however.
“In an industry that struggles to manage less sophisticated and grassroots attacks, a nation-state-specific threat model could be seen as an unnecessary distraction for organizations that would benefit the most from a good grasp of the basics. “, Mandy told TechNewsWorld.
“Rather than investing in cybersecurity controls to try and thwart a sophisticated attacker like a nation state, we like to encourage organizations to prioritize their cybersecurity over what matters most to them – their data – rather than to start from the threats and try to guess which attackers will do,” he said.
Tech
