CSO Australia: How Nation-State Cyber Wars Increase Business Risk

September 04, 2019

A recent article in CSO Australia by David Braue is titled “Businesses Risk Becoming ‘Collateral Damage’ in Nation-State Cyber Wars.” The author interviewed CrowdStrike CSO Shawn Henry on why organizations need to plan now in order to minimize the consequences if attacks escalate “beyond proportionality.” The article explains Henry’s view that recent revelations of widespread and sophisticated cyberattacks by North Korea aimed at financial gain should serve as warnings that businesses risk becoming targets because of the highly interconnected nature of today’s environments. It notes that a recent confidential United Nations report suggested that North Korea had managed to steal up to $2 billion via sophisticated cyberattacks, which it was using to fund military developments. Henry explains, “You don’t want to be the splashback from an attack on somebody else, but because all of the networks are connected, the danger is very high for that to happen.”

Attacks Getting More Brazen

Henry explains that risk is increased because threat actors are behaving more brazenly, as though they are not afraid or don’t think they will be detected. He says, “And even if they are detected, they don’t believe there is going to be any type of retribution or accountability.” Henry argues that among the threats corporations should pay attention to are the ones that use “Living-off-the-Land Techniques” where, once inside, intruders rely on built-in system tools, such as PowerShell and JavaScript, whose very presence won’t set off red flags. He says, “From what we have seen in the last two years or so, the adversary’s capability moved beyond malware to signatureless attacks where they use existing capabilities in the operating systems to move in the environment undetected.”

Breakout Time is Critical

The article also addresses “breakout time,” as discussed in the CrowdStrike 2019 Global Threat Report: the time from initial compromise by an intruder to jumping to other systems. As the report found, nation-state actors and eCrime groups vary widely along this metric, with times as low as 19 minutes for Russia-affiliated cybercriminals. The article states, “That’s just 19 minutes between initial compromise and lateral movement within a target network — putting additional pressure on CSOs to implement effective detection and response measures.”

Organizations Need To Be Vigilant and Proactive

In summary, Henry emphasizes what he sees as the need for organizations to take a more active approach to their cybersecurity.

“I see a lot of boards and CEOs who are very attentive and have a sense of urgency and understand the business risk — but I still bump into organizations that have a laissez-faire attitude about cybersecurity and feel that they will deal with it if it happens,” he says.
