State-Sponsored Sabotage and Your Business

Since the 2016 presidential election, state-sponsored attacks have been a hot topic — and not just in the public sector. This year, state-sponsored attacks against the United States power grid and universities around the globe have sparked intense, international concern about the rise of sophisticated cyber warfare. Many nations are familiar with the traditional battleground, but when war adapts to the digital age, how do we defend against an enemy we can’t see?

While Russia sabotaging the American power grid sounds like a great summer blockbuster, the truth is that these attacks are very real and dangerous. What, then, is the solution? In one word: people. Employees of critical infrastructure organizations, such as educational institutions, healthcare providers, utilities, and manufacturing companies, are the first line of defense. Beyond security controls, policies and procedures, and strong vulnerability assessment, management, and monitoring practices, security awareness training is key. Both of the headline-topping 2018 attacks — the first targeting international universities, and the second, the United States power grid — were rooted in social engineering techniques: spearphishing and waterholing.

One of the best ways to ensure that we do not fall victim to state-sponsored attacks like those that have shaken the country — and the world — this year is to maintain an effective security awareness training program, ideally one that includes interactive, scenario-based “tabletop” exercises, phishing simulations, and physical social engineering tests, such as USB drops. The more engaging, realistic, and hands-on your training program is, the less likely staff members are to tune out due to “training fatigue” — and the more likely they are to retain and apply what they’ve learned.