Politically motivated cyber attacks

According to a new report, 53 percent of critical infrastructure providers report that their networks have experienced what they perceived as politically motivated cyber attacks.

Participants of the Symantec survey claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses.

Participants from the energy industry reported that they were best prepared for such an attack, while participants from the communications industry reported that they were the least prepared.

Critical infrastructure providers represent industries that are of such importance either to a nation’s economy or society that if their cyber networks were successfully attacked and damaged, the result would threaten national security.

Recommendations to ensure resiliency against critical infrastructure cyber attacks:

• Develop and enforce IT policies and automate compliance processes. By prioritizing risks and defining policies that span across all locations, organizations can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen.
• Protect information proactively by taking an information-centric approach. Taking a content-aware approach to protecting information is key in knowing who owns the information, where sensitive information resides, who has access, and how to protect it as it is coming in or leaving your organization. Utilize encryption to secure sensitive information and prohibit access by unauthorized individuals.
• Authenticate identities by leveraging solutions that allow businesses to ensure only authorized personnel have access to systems. Authentication also enables organizations to protect public facing assets by ensuring the true identity of a device, system, or application is authentic. This prevents individuals from accidentally disclosing credentials to an attack site and from attaching unauthorized devices to the infrastructure.
• Manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.
• Protect the infrastructure by securing endpoints, messaging and Web environments. In addition, defending critical internal servers and implementing the ability to back up and recover data should be priorities. Organizations also need the visibility and security intelligence to respond to threats rapidly.
• Ensure 24×7 availability. Organizations should implement testing methods that are non-disruptive and they can reduce complexity by automating failover. Virtual environments should be treated the same as a physical environment, showing the need for organizations to adopt more cross-platform and cross-environment tools, or standardize on fewer platforms.
• Develop an information management strategy that includes an information retention plan and policies. Organizations need to stop using backup for archiving and legal holds, implement deduplication everywhere to free resources, use a full-featured archive system and deploy data loss prevention technologies.