How Governance Professionals can Prepare for Cyber-Attacks by Nation-States

Following the U.S. airstrike on January 3 that killed General Qassem Soleimani, there’s been plenty of talk about Iranian retaliation. These warnings come directly from the Department of Homeland Security, and they warn of potential cyber-attacks. Cyber-attacks are much more in alignment with Iran’s history of attacking the US through things like proxies than actual physical attacks. Already, government websites have been defaced by hackers, and Iranian disinformation social media campaigns are cropping up on platforms like Twitter.

Experts seem to agree that Iran is not capable of attacks powerful enough to gain the kind of widespread media attention they’re looking for. That being said, any breach is damaging, and the next missile could very well strike a country with a more sophisticated cyberwarfare apparatus.

Due to the interconnected nature of the financial services industry, it’s especially important for governance professionals to help organizations prepare for potential breaches, especially with the proliferation of data privacy laws and the accompanying monetary penalties. Here are a few basic steps that all companies should consider to combat potential threats:

1. Implement Employee Training

Governance professionals should ensure that employees are properly trained in handling security incidents while preparing them for potential cyber-attacks by nation-states. No company is immune to cybersecurity threats, and organizations of all sizes need to ensure their key security systems are modernized and up-to-date. Cybersecurity measures for small organizations tend to be less sophisticated than those of larger corporations, and as a result, these organizations often try to fly under the radar in these scenarios. But these smaller companies are easier targets, are more vulnerable to attacks, and can serve as a gateway for hackers to gain access to the systems of bigger corporations.

2. Create a Recovery Plan

While there’s no surefire way for companies to completely protect their organizations from cyber-attacks, there are many ways to minimize the risks and the damage. Organizations need to make sure employees understand what those risks are, and have a plan in place for business continuity and disaster recovery when an attack does happen. ADCG’s Carlos Solari writes:

Business continuity and disaster recovery requires thinking about how employees will work without vital technology. It means answering who, what when, where and how. Is there a secondary location from which you can operate? Are there tasks that are normally automated that will need to be manually performed? Who is capable of doing which tasks? There are many detailed questions that need to be asked, but the general objective should be about how to continue to serve your customers and keep your business alive while your IT systems are down and in recovery.

3. Patch Vulnerabilities

January 14th marked the end of Microsoft support for Windows 7, which means that complimentary security patches for Windows 7 and Windows Server 2008 operating systems have ended. If hackers recognize this as an opportunity to exploit unsecured vulnerabilities, they could cause some very serious damage. Companies who haven’t finished migrating from Windows 7 and Server 2008 can purchase extended support from Microsoft, and now would be a good time to do it.

Organizations should also consider migrating their sensitive data and systems to quantum-safe cryptography sooner rather than later, and they should know how to use it as well. According to Michael Osborne, Manager Security and Privacy Group of IBM Research Zurich, quantum computers might decrypt public key cryptography in the not-so-distant future and the best time to migrate is when moving applications to the cloud. Inspecting suspicious cyber communications, making backup copies of critical data, and leveraging the most up-to-date threat intelligence systems can also help to curtail attacks.

4. Enlist Outside Help

Most organizations have security systems in place that are fragmented and disconnected, meaning that everything is controlled separately. These systems are inefficient and challenging to navigate. Companies are being urged to start integrating their systems and combining private clouds with public clouds—tools like IBM Resilient’s new Security Orchestration, Automation and Incident Response (SOAR) can help. This particular tool automates runbooks to help deal with security incidents while dynamically coordinating tasks.

Cybersecurity must be a group effort, and organizations are encouraged to start depending on the defense capabilities of the U.S. government, including CYBERCOM, the NSA, and the CIA. Cyber-attacks by nation-states are already starting to happen, but organizations can substantially mitigate risks by staying informed and maximizing the efficiency of their systems. The best plan of action for companies is to be prepared, recognize what they can and can’t do on their own, and know who to enlist to keep their systems.

The best plan of action for companies is to be prepared, recognize what they can and can’t do on their own, and know who to enlist to keep their systems safe and secure.