British businesses need to use more effective defences against relentless attacks from state-sponsored cyber hackers.
Several countries are now using digital interactions to launch attacks on individual companies as well as national infrastructures.
The UK’s National Cyber Security Centre (NCSC), the US Department of Homeland Security and the FBI recently warned that Russia is a prime culprit. It’s exploiting network infrastructure devices around the world – laying hidden digital landmines ready to activate for future attacks.
Such attacks by ‘State Actors’ were initially used to target the military and governments. Now they’ve broadened their attacks by targeting a range of sectors including healthcare, financial services, education and entertainment.
Companies interact with governments selling and buying services, so State Actors see them as a soft underbelly, much less prepared for attacks. Targets where it’s more likely to find an unlocked backdoor giving them access to infrastructures and sensitive data.
Russia’s not the only culprit. In April 2019, the US and UK governments hit out at state-owned Chinese telecoms firm ZTE. The NCSC warned UK telcos that using ZTE’s equipment and services could pose a national security risk. Three months later, Microsoft warned that state-sponsored attacks had targeted around 10,000 of its customers. Eighty-four per cent of them were enterprises, and most of the attacks came from Iran, Russia and North Korea.
To stay one step ahead, organisations need to invest well in their cybersecurity strategies. They need to deploy tools capable of detecting and defending against ‘zero-day’ attacks. This is when malware compromises a network before a patch can be delivered.
Gary Jowett, from Computer & Network Consultants in Brighton, said: “Think about what information your organisation uses that would be most attractive to a hacker. Because if your organisation stores intellectual property, sensitive, personal, legal or financial data, you’re an attractive target for a State Actor.”
Being constantly vigilant is common sense, but it’s also essential to examine your organisation’s workloads, to identify where internet access isn’t always needed. Taking some workloads ‘offline’ could reduce the exposure of critical data to unauthorised access.
Gary added: “There are various effective cyber defence tools to help spot and block attacks, and an independent IT consultant can help you to evaluate the best ones to suit your business. But these threats are ever-changing in nature, so it’s also important your staff receive regular refresher training to ensure they maintain a cautious and vigilant approach – at home and work.”