There was once a hacker stereotype — the prototype was a pimply-faced teenage boy living in his parents’ basement in some nondescript suburb. His end goal was proving he could get into your network and show off his bona fides to his hacker buddies in chat rooms on the internet. Today, your adversary could be a well-funded nation state.

It changes the dynamic when the entity attacking your network is no longer an individual trying to get in to prove he can, but an organized force with deep pockets and a deep bench of technical knowledge trying to steal corporate secrets like your customer lists, financial information, or key intellectual property (or simply trying to shut you down).

The best way into your network isn’t through some hidden backdoor in the far corners of your network. It’s straight through the front using stolen credentials, probably obtained on the internet black market or through some clever phishing expedition.

Ina Wanca, who used to be head of cyber security for NYC, has developed a program in conjunction with Carnegie Mellon University that combines artificial intelligence with phishing-awareness training to cut down on the number of people falling for phishing emails.

They trained people to understand the techniques phishers use and to recognize the red flags of phishing emails. In this way, they can tailor the training toward each individual employee’s understanding and knowledge of these threats. The AI watches as the person trains, and if they respond to a particular email, they can modify the training to give them more fine-tuned awareness.

Going international

News emerged last week that Google and Facebook were working with FireEye to combat election interference from Iran. While that was primarily using social media, there are also coordinated efforts on the part of foreign governments to penetrate US business networks.

Just this month, Harvard Business Review published an article on the changing nature of cybersecurity, emphasizing how it has become a geopolitical affair. The authors wondered if US companies are ready for such well-funded and coordinated attacks.

“Traditional corporate cybersecurity efforts have been aimed at foiling hackers intent on gaining access to proprietary information or customer data for personal financial gain. They’ve also been focused on the dangers of software vulnerabilities, leading executives to invest in finding and fixing weaknesses in their systems before hackers could take advantage of them. This is all well and good, but against increasingly powerful and motivated perpetrators like foreign intelligence services, it is likely to be woefully insufficient,” the HBR authors wrote.

It’s probably not the message you want to hear, but you need to be prepared for every type of attacker. Your best bet could be training your end users to ignore phishing attacks. It could go a long way toward protecting your company from attacks, whatever the source may be, but it will very likely take more than that. You have to follow every best practice to keep your company safe.


Photo:  Elnur / Shutterstock.

Posted by Ron Miller

Ron Miller is a freelance technology reporter and blogger. He is contributing editor at EContent Magazine and enterprise reporter at TechCrunch.

2 Comments

  1. Thank you for sharing your insights. We certainly need to look at ways to better secure customer networks from all avenues of attack, though I do wonder to what extent an SMB would need to worry about an attack from a nation state actor.


  2. Both the revenue holding rates as well as the contract renewal rates have been already increased by the leading managed service providers all across the globe. This is done by deploying the dedicated customer success executives.
