The reported Russian cyber-attack on the US Democratic Party’s opposition research database shows that foreign intelligence agencies are increasingly focusing on soft targets to gain the information they seek. Corporate leaders shouldn’t be complacent.
The type of attack reported in the media, which has strong overtures of having been state-sponsored, reflects the fact that even civilian and quasi-civilian data assets are being targeted to obtain valuable information to support national level intelligence requirements. These “soft targets” contain information that could form part of a larger, more strategic attempt to garner information.
What sets state-sponsored cyber-attackers apart from others, is often-time the fact that they have the training, resources, and time to be highly effective in breaching networks exhibiting any security gaps or ill-conceived or implemented cyber security processes.
With the reported attack on the Ukraine power utility late last year, which was also believed to involve state-sponsored players and caused significant power loss, it is clear that civilian and quasi-civilian cyber resources will continue to be targets of cyber attackers. Government and non-government organisations need to ensure their data assets and information systems are protected to repel the most determined efforts of this highly sophisticated calibre of attackers.
Any corporate or government leader who has access to privileged or sensitive information should consider which information may potentially be of interest to a foreign government and take appropriate steps to protect it.
In order to achieve this, organisations need to understand their cyber risk profile across their entire enterprise. This comprehension will permit organisations to institute cyber threat mitigation measures, which involve understanding their assets, the full range of threats they may face and their exploitable vulnerabilities.
Once the organisation has a firm handle on its cyber risk profile it can then move to take appropriate steps to implement or enhance a cyber security programme, which is effectively a three-part process encompassing visibility, intelligence and integration. Taken together, these measures will allow organisations to limit losses and damage caused by a cyber-attack as well as potentially prevent an attack from being successful.