US cyber attack: Should I be worried about my network security?
The United States is no stranger to the threat of cybercrime. Hacking was the source of a $13.7 billion headache for the US government in 2018, and the frequency and complexity of attacks in the region has continued to escalate in recent years.
As such, the official response to the most recent serious cyber attack to hit the US came as some surprise, inspiring headlines across the globe and raising eyebrows far beyond the five walls of The Pentagon.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), the attack was not only targeted at government departments and critical infrastructure, but also the private sector. It was described as posing a "grave risk" and that tackling it would be "highly complex and challenging", with the “advanced persistent threat actor” demonstrating “complex tradecraft in these intrusions".
The heightened nature of CISA’s language shows how this particular incident (or series of incidents) presented a serious danger to US security. At a more personal level, it has also served to amplify the anxieties of anyone responsible for maintaining their organisation’s network security – after all, if the US government can be compromised by a new type of threat, then it’s understandable for IT managers to consider how well their own businesses are protected.
And with good reason. The threat of cybercrime is no less real for “normal” businesses. All day, every day, SMEs have to defend themselves against all manner of risks, ranging from external attacks by malicious actors to security protocol failures among those within the organisation. True, these events are not at the same scale, and they are unlikely to result in national security being compromised, but for the organisations involved the damage has the potential to be catastrophic.
The UK National Cyber Security Centre (NCSC) provides a useful structure to help organisations defend themselves against hacking, highlighting the risks at each of the four core stages of an attack: Survey, Delivery, Breach and Affect.
At this stage, the often-overlooked area of user education is paramount, underlining the importance of training all members of the network on the types of cyber risks they can expect to be presented with on a day-to-day basis.
Protecting the organisation at this stage includes the implementation of operational security measures, from password policies and control of user rights to malware protection and network perimeter defences.
Further to the measures implemented under Delivery, this stage can be defended against through monitoring for suspicious activity, by applying patches in response to known vulnerabilities, and by restricting access for certain users and devices.
At this stage, with security breached, organisations face the difficult task of extracting malicious elements from the network and repairing the damage. The NCSC says it is only by adopting a complete cyber risk management regime that organisations can fully optimise their IT defences.
So, while the dramatic headlines in the US may be cause for concern, they describe a sophisticated and targeted attack aimed at specific seats of power and influence; a concentrated effort to infiltrate critical systems holding highly valuable data.
For small and medium-sized companies, it is unlikely to present a direct risk, but it serves as a valuable reminder that no-one is immune to the wide-ranging cyber threats that exist outside of your network, and the importance of maintaining continued vigilance as risks evolve.
If you would like more information on how to keep your network secure and how to defend your organisation against the four stages of a cyberattack, contact us today.