As we enter 2022, organizations are re-evaluating their cybersecurity strategies to lower risks and best defend against potential threats. Through budget, risk tolerance, compliance and more, organizations have varying priorities for their security needs. Two things to consider in that planning – in addition to the ever-growing threats of ransomware, phishing, and zero-day vulnerabilities – are nation-state and Advanced Persistent Threat (APT)-style attacks.
How APTs choose targets
While your organization may not have been hit by a cyber attack over the past year, chances are high that a partner or vendor in your supply chain has. APTs are generally established to deliver objectives with national-level implications, like espionage for political gain, theft of intellectual property or destruction of infrastructure. Ultimately, adversaries’ end goals impact who or what type of organization will be targeted.
In recent years, many nation-state attacks focused on intelligence gathering. While these attacks for the most part are industry-agnostic, the majority target critical infrastructure. Of these, most point towards government agencies where attackers exploit – or manufacture – security vulnerabilities to maximize collection of sensitive data with minimal effort.
Should organizations be concerned?
Hacking campaigns requiring months of planning and high-level computing skills needed to penetrate defenses and move across networks undetected were once reserved for nation-backed threat actors. Today, these resources are made readily available to anyone, bought and sold over the dark web as pre-packaged malware or hired services.
The APT-style threat hasn’t changed per se; it’s more about the growing number of those who now have access to tools to launch powerful attacks. As organizations move sensitive data to the cloud and incorporate connected devices into operations, the attack surface widens compounding the APT-style threat.
Organizations should have a healthy level of concern and prioritize cybersecurity strategies in terms of budget, staff, and other company resources that directly addresses APT detection and response. While larger organizations may have more resources, companies of any size are in the crosshairs. Smaller organizations should prepare accordingly, as many APTs view smaller targets as an entry point to larger attacks.
Protecting against APTs
There are a variety of steps organizations should consider. First, it’s critical to understand your own threat landscape. Take note of the intersections your organization sits in, and factor in how that may make you at risk. From there, build on the capabilities most relevant that will protect you from those threats. For example, deploying an extended detection and response (XDR) solution early on can help educate security analysts and larger SOCs on how to best utilize threat correlation and pattern detection.
In addition, incorporating managed detection and response (MDR) services will provide 24-hour security support, managing environments and threat hunting to augment existing security capabilities for a more automated and analytical approach.
Overall, the most important way to protect against APTs is to be proactive. Assume compromise, understand what compromise may look like for your organization, and go look for it. Simultaneously, try to not over-rely on technology. This approach has backfired on a variety of occasions over the last few years. If you don’t have detection and response capabilities, work with a security partner who does.
Finally, do the basics well. Security strategies can get complicated but are manageable if the basic infrastructure is working properly. Understand your own network, develop a detailed view of what “normal” looks like and develop capabilities that enable you to spot anomalous activity quickly.
This year will bring new threats and attack strategies from adversaries. Unfortunately, this means any operation in every industry with an online presence is potentially at risk.
Executive leadership and security teams need to allocate a security budget that strikes a balance between prevention, detection and response technologies and skilled personnel to continuously monitor, eliminate threats and limit any impact back should a successful breach occur.