Share this article
With tensions increasing overseas, there’s some talk of Cyberwar or nation state attacks.
I often hear people quip “If we have a state actor against us, it’s game over and there’s nothing we can do about it”. In general, that’s not really true. For small to mid-sized organisations, it can be hard to quantify the level of threat posed to you or your company by a foreign nation state, as there are many misconceptions about them. Following is some general advice if you’re worried. However, if you’re a government organization, or provide critical infrastructure then the threat profile will be different and you should seek professional advice instead.
It’s useful to remind ourselves that foreign state actors are just organisations with specific, objectives to achieve within specific timeframes, and as with most organisations, they will have limited budgets, which inherently place limitations on their capabilities. They may be better resourced than many other attackers, but they’re not going to use an unpublished software exploit (known as a zero day) to target the average NZ person or company. These exploits are expensive to develop for common software, and every use increases the chance that the exploit will be detected and caught by AntiVirus, etc, in the future.
In general, instead of worrying about sophisticated actors, it’s worth looking at good security hygiene which will help make any attacker’s job a lot more difficult:
- Firstly, understand what your attack surface is. Make sure you know what services you’re running and what’s on the network – as that will help establish what other security measures you should have in place. This also includes cloud-hosted infrastructure, software as a service services, BYOD devices, etc.
- Make sure you’re applying security updates as soon as possible. This should include all devices including routers, phones, etc. If you’re a smaller organisation, automatic updates are your friend.
- Ensure you’ve got strong unique passwords which you’re using for each service.
- On a related note, ensure that multifactor authentication is in use across as many services as practical, including on personal accounts. This is especially important for administrative accounts. A number of the incidents we respond to for clients could have been avoided if multifactor authentication was in use.
- Ensure you have phishing protection, and anti-malware software deployed.
- Implement logging, monitoring and alerting. When we’re running red-team engagements, well configured logging/monitoring/alerting infrastructure helps to keep the defenders of the network informed of what we’re doing, and makes our jobs a lot harder.
- Effective backup and recovery capabilities are essential to restore your business data and services after a breach or compromise. These should be tested regularly.
- Accept the fact that something could happen, and be prepared with effective and well-practiced incident response and business continuity plans.
Obviously, there’s a lot of nuances that can’t be articulated in a short generic post. The Cert NZ Critical Controls and the ACSC Essential 8 are a good starting point for security measures to implement. Otherwise at Tesserent we’re always happy to help people understand what security threats they should be defending against, helping prioritise which security controls they should be focusing on, and testing whether they’re effective.
Speak with a Tesserent
Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.