A proactive cybersecurity risk management strategy has long been a priority for many larger organizations, but this is rapidly becoming a necessity for organizations of all sizes in all industries as the conflict in Ukraine drives the global cyber threat level to a new high.
The conflict in Ukraine is widely recognized as the first truly hybrid war with kinetic and cyber components from the outset, but the cyber impact is expected to last long after the guns fall silent, which is something every organization needs to be prepared for.
Whatever the outcome, the world will never be the same again, because as economic sanctions take effect, retaliatory state-sponsored cyber activities are expected to escalate in an attempt to counter restrictions and make up for losses through cyber fraud and extortion.
Therefore, organizations of every size need to be prepared for an unprecedented level of malicious cyber activity and ensure that they either have the ability to go well beyond the basics to withstand the cyber onslaught that is likely to come or that they have the right partners who do.
State-sponsored attackers have long been a consideration for organizations with links to government and the defense industry, but in the coming months and years, all organizations should consider themselves potential targets of these serious, well-trained, and superbly organized attackers, who typically have access to advanced malware and zero-day exploit tools.
The impact of state-sponsored cyber-attacks should not be underestimated, especially in the light of attacks such as NotPetya and WannaCry, which caused huge disruptions to businesses and services and losses in the hundreds of millions.
Now is the time to ensure that your organization not only has the ability to block as many known types of cyber-attacks as possible, but can also detect, respond to, and recover from unknown or unexpected attacks because state-sponsored attacks tend to be well funded, well resourced, and extremely difficult to detect.
This means that, more than ever before, organizations need to be ready for the unexpected by implementing round-the-clock monitoring of the entire IT estate to identify threats, having well-defined and well-practiced incident response and recovery processes, bolstering cyber resilience, and improving access controls to eliminate easy paths to compromise such as credential theft.
It is therefore important for all organizations to understand the need for, and benefits of, modern approaches to cybersecurity such as proactive threat management, Zero Trust, Identity Defined Security, Decentralized Identity, and securing software and other IT supply chains.
Where cyber attackers are advanced or state sponsored and have access to zero-day-exploit based tools, anti-malware solutions may not be able to detect the initial compromise. In these cases, integration of all services including cloud-based into security intelligence tools is key to eventually discovering and remediating the incursion.
— John Tolbert, Lead Analyst, KuppingerCole
Because we understand the importance of a proactive security capability, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats, including live events such as the 2022 KuppingerCole European Identity and Cloud (EIC) conference taking place in Berlin and online in May.
The agenda includes panel discussions on Assessing the Business Impact of Russia’s Invasion of Ukraine, Securing the Composable Enterprise, Zero Trust Best Practices, and CIEM: Managing Your Cloud Scale Risk with an Identity Defined Security Approach, as well as other cyber security-related presentations including:
- Identity. Security. Decentralized. The Future Composable Enterprise
- Software Security and the Software Supply Chain: Must-do’s for every organization
- Strategic Approaches for Deploying Zero Trust
- Autonomous Security in a Hybrid Multi-Cloud World
- Promoting Cyber Resilience through Identity and Zero Trust
- Demystifying CIEM for an Effective Multi-Cloud Security Enablement
- The SolarWinds Hack and the Executive Order on Cybersecurity happened - It is time to prepare
Advisories
Reduce the risk of falling victim to industrial espionage and other state-sponsored attacks by looking at this Advisory entitled: Protect Your Cloud Against Hacks and Industrial Espionage, which looks at implementing the proper security tools in your cloud-based environments.
For a perspective on where state-sponsored attacks fit in among the typical cyber threats facing organizations, and some top countermeasures to consider, have a look at this Advisory Note on Top Cyber Threats, while this Advisory Note highlights state-sponsored attacks in the context of: Business Continuity in the age of Cyber Attacks.
Any organization that is a potential target of industrial or state-sponsored espionage, or of organized crime groups that have access to similar tools, should consider implementing a Security Operations Center (SOC). For guidance on how to go about that, have a look at this Advisory Note entitled: Architecting your Security Operations Center.
Providers of critical national infrastructure and all of their suppliers are natural targets for state-sponsored attacks. For a perspective on what technical controls should be applied by organizations falling into these categories, have a look at this Advisory Note on Managing Risks to Critical Infrastructure and this Advisory Note on Making critical infrastructures in finance industry fit for the age of cyber-attacks.
State-sponsored attacks aside, the probability of becoming a victim of a cyber-attack is higher than ever, so a concrete plan and organizational structure to ensure the impact is minimized is essential for every organization. To find out more, have a look at these Leadership Briefs on Incident Response Management and Responding to Cyber Incidents.
If you are considering implementing detection and response tools, but find the market segments confusing, have a look at these Leadership Briefs entitled: Do I Need Endpoint Detection & Response (EDR)?, Do I need Network Threat Detection & Response (NTDR)?, The Differences Between Endpoint Protection (EPP) and Endpoint Detection & Response (EDR), and What (and why) is XDR?
Audio/video
For a retrospective on the SolarWinds incident, listen to what our analysts consider the lessons learned, the strategic approaches towards improving security in organizations that depend on diverse cyber supply chains, and the changes that need to be made in this Analyst Chat entitled: Post-SolarWinds Software Security Strategies.
As mentioned earlier, security experts increasingly point to the importance of developing a cyber resilience capability. For a brief overview of the topic, listen to this Analyst Chat on Business Resilience Management.
If you are considering an investment in network detection and response tools, find out what threats they are looking for and how they complement endpoint protection tools in this Analyst Chat on NDR - Network (Threat) Detection and Response.
Masterclass
Continuing the theme of resilience, have a look at this Insight on Business Resilience Management, which lays out the basics of the concept, some of the business benefits, and some approaches to achieving it.
Blogs
Our analysts have written several blog posts that offer different perspectives related to state-sponsored cyber threats and approaches to dealing with them. Have a look at the list below and select the topics that are most relevant to your organization:
- Privileged Access Management Can Take on AI-Powered Malware to Protect Identity-Based Computing
- Know Your Enemy
- Regin Malware: Stuxnet’s Spiritual Heir?
- Preventing, or surviving, data leaks
- Preparation Is Key: Where Prevention Ends, and Business Continuity and Incident Response Management Begins
- What is XDR?
Webinars
When it comes to state-sponsored attacks, a proactive security risk management strategy becomes essential. To find out more about how to go about achieving this, have a look at this webinar entitled: Surviving the Cyber Security Attack Wave.
In the face of state-sponsored cyber attacks and tools in the hands of cybercriminals, organizations need to have the capability to discover more advanced attacks as soon as possible, which is the topic of this webinar on How to Hunt Threats Effectively With Network Detection & Response Solutions.
Moving towards a modern and agile Zero Trust security concept is essential in today's mobile first, work-securely-from-anywhere world, especially in the face of attacks by organized cybercrime groups and state-sponsored attackers. For more on adopting Zero Trust, have a look at these webinars:
- Making Zero Trust Work With the NIST Framework
- Technological Approaches to a Zero Trust Security Model
Effective cyber defense depends on detecting, preventing, and mitigating threats not only on desktops, laptops, and servers, but also on the network, in the cloud, and in OT, ICS and IoT. Find out about the importance of a security operations (SecOps) approach in this webinar on Enabling Full Cybersecurity Situational Awareness With NDR and this webinar entitled: Effective Endpoint Security With Automatic Detection and Response Solutions, which highlights the shift in focus of the cybersecurity industry from protection to detection and response.
There is growing interest in deception as a methodology and as an integral part of cybersecurity architecture, as organizations seek more effective approaches for detecting and responding to threats in real time. To find out more about how to choose the right Distributed Deception Platform, have a look at this webinar entitled: Adding Certainty to Your Cyber-Attack Detection Capabilities.
Whitepapers
Understanding an organization’s risk posture and providing transparency, while aligning cyber security efforts with corporate strategies, is a major challenge. Find out how to tackle this challenge in this Whitepaper entitled: Moving towards a holistic Cyber Risk Governance approach.
Research
Endpoint Security, NDR, and SOAR are key technologies in defending against advanced cyber threats. To find out more about the offerings in these markets and how to select the products that are best suited to your organization, have a look at the following Leadership Compasses:
- Enterprise Endpoint Security: Anti-Malware Solutions
- Network Detection & Response (NDR)
- Security Orchestration, Automation and Response (SOAR)
Tech Investment
Organizations investing in technologies to defend against advanced cyber threats can have a look at some of the related technology solutions that we have evaluated: