Increase In State-Sponsored Cyber Attacks

Uploaded on 2018-04-23 in FREE TO VIEW, GOVERNMENT-Defence, GOVERNMENT-National, NEWS-News Analysis

Western nations should brace for more cyber security attacks on critical infrastructure from "second tier" nation states, as warfare from developing nations increasingly shifts online, according to a US cyber security expert who spent more than 30 years with the National Security Agency.

Phil Quade, who has recently become chief information security officer at cyber security software firm Fortinet, rose through the ranks of the NSA in his three-decade long career, serving in both "offensive" and "defensive" capacities, protecting the country's secrets and attacking adversaries.

He said the so-called Five Eyes countries (an alliance between Australia, Canada, the US, New Zealand and the UK), had adversaries of all sizes, including states that would be too small to consider starting a traditional war, but now saw an opportunity to strike virtual blows.

"They recognise that you don't want to take on a nation state with planes, bullets and ships from their position, they want to take them on asymmetrically. I expect mid-sized and smaller countries will increasingly resort to more cyber warfare," Mr Quade said.

Examples of state-based attacks are numerous. In 2015 the Ukraine energy grids was temporarily switched off after cyber criminals, suspected to be acting for Russia, compromised information systems of three energy distribution companies.

North Korean state-sponsored groups were also linked to the 2014 Sony hack and cybersecurity company FireEye has previously said to be monitoring 30 groups linked to nation state cyber-attacks.

Mr Quade said he was in Australia to investigate why local clients were adopting the company's broad range of cyber security products more quickly than other countries, which still invest mostly in its flagship firewall product.

Strategy

The former NSA leader joined Fortinet in January and is responsible for building alliances with external c-suite executives and advancing the national dialogue on cyber security, as well as internally ensuring Fortinet's IT products and services are secure.

Mr Quade was also given permission to create a group dedicated to critical infrastructure protection, which he said would focus on community concerns around national assets, rather than business development.

Despite regular assurances from utility and telecommunications companies (considered critical infrastructure) that they have state-of-the-art cyber security defences, Mr Quade said that in his experience financial services companies were usually best in class for their approach to cyber security

"I don't want to be too critical, because my knowledge of the US is better ... but typically financial services does a nice job of communicating about shared risks. One man's detection is another man's prevention. But it goes mostly downhill from there," he said.

"[To get to the leading edge] the first thing to recognise is that we need to better integrate the disciplines of security. Right now we often manage IT and OT (operational technology) separately and then have a third person in charge of physical security.

"We need to get better at integrating these approaches and that will close the seams the adversaries seem to exploit."

Increasing Threats

According to Fortinet's latest quarterly threat landscape report, cyber-attacks are increasing in volume, variety and velocity.

The report found cryptocurrency mining malware was on the rise in APAC and globally, with cyber criminals utilising a technique termed crypto-jacking to mine cryptocurrencies by loading a script into a web browser without installing anything onto the computer.

In Australia specifically, it was also observed that attacks had been particularly concentrated on the healthcare and education sectors and this was attributed to the lower cyber knowledge of workers in these sectors, in conjunction with the bring-your-own-device trend.

Ransomware was also found to still be prevalent and three of the top 20 attacks identified by Fortinet had been targeted at internet of things devices.

In February the new mandatory data breach notification rules came into effect in Australia, meaning companies above a $3 million revenue threshold or that are subject to the Privacy Act, must disclose data breaches that could result in "serious harm".

Under the new laws, sea safety and support company Svitzer Australia was the first to publicly disclose that the email accounts of three Australian employees had been compromised between May 27, 2017 and March 1, 2018, with emails auto forwarded to two external accounts. After discovering the breach, the company stopped the theft within five hours.

Mr Quade said that internationally Europe's GDPR regulations on data breaches were considered the most aggressive, with penalties including 4 per cent of a company's revenue for failing to report a breach.

"It's a toothy way of causing movement. But in my whole career I've found you don't always have to use the stick, sometimes the carrot is the right approach," he said.

"The NDB scheme doesn't have the same toothiness as the GDPR, but that doesn't mean it's wrong, it's just a different balance."

Australian Financial Review

You Might Also Read: 

Cyber Criminals Catch Up With Nation-States:

Nation State Hacking Is On Trend In 2018:

 

« Will AI Replace Most Jobs?
NATO & EU Form Cybersecurity Partnership »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IONU Security

IONU Security

IONU offer a security platform focused specifically on providing Data-centric Security.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

Bounga Informatics

Bounga Informatics

Bounga Informatics provides Digital Forensics, E-Discovery, and Endpoint Security software, hardware, and training in Singapore and other countries in Asia Pacific.

Ultratec

Ultratec

Ultratec provide a range of data centric services and solutions including data recovery, data erasure, data destruction and full IT Asset Disposal (ITAD).

Civic Technologies

Civic Technologies

Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

Twingate

Twingate

Twingate help organizations secure and manage access to their technology resources in a world where people work from anywhere.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.