Nation-State Cyberattacks: SolarWinds, Microsoft Just the Beginning
… much information was stolen or taken depending on the type of attack it was. And I think with Microsoft, you had this sort of quick follow-up. So everybody was dealing with that. Then there were some zero-days announced and then you had some follow-on attacks. So you have other organizations or other nation-states taking advantage of information that was put out there. And then now you’re dealing with individuals trying to catch up with that to patch their systems. We just had another one that affected not Office 365, but on-premises Exchange servers, unpatched Exchange servers.
Overall, we’re going to continually be picking up the pieces over and over again. There’s also a heightened sense of, there are vulnerabilities exposed, so more people are going to start to go after that, those who are interested in utilizing those to their advantage. So that’s what we’re going to be looking at for at least the short term until the next thing happens. And then we’ll start focusing on that.
CF: What aren’t organizations doing that they should be doing to better protect themselves and their customers from nation-state cyberattacks?
EB: I think this is the fundamental problem with that sort of thinking universally. We’ve focused on security as keeping people out, and that was a logical approach for a long period of time. I think that’s the No. 1 problem we have overall. And this is what organizations are not doing. They’re not thinking about the problem in the 2021 mindset or they’re not looking at it from the right perspective. They need to flip that thinking around and start to look at what it is they’re trying to protect. The bad guys are coming in, whether you want them to or not. It’s happening and it’s going to happen over and over again. So you have to stop thinking about ways to keep people out and think about what you can do to protect your most valuable assets once they’re in.
CF: Are these nation-state cyberattacks strategic in who they’re targeting? What makes a particular organization the optimum target for destabilizing the U.S.?
EB: Our global economy forces everybody to be strategic. There are always going to be constraints put around anybody who is willing to do this. So that forces people to be strategic. The motives may be different, and those motives may be driven by different time-sensitive issues. There may be a certain event that’s occurring that somebody wants to get after … like affecting the elections and things of that nature. Those are time-sensitive types of attacks. Those are extremely strategic because they have more finite bounds around them. You had the water plant in Florida that was the target of an attack. There were a lot more people in Tampa for the Super Bowl, so they’re going to attack that water supply.
Another mistake people make is, well, “no one cares about me.” Well, maybe they don’t care about you now, but they will care about you later because eventually your organization may be between them and something they want. And when you’re in that position, now you are a target. And if you’re not prepared, it’s going to be really easy to go ahead and infiltrate what you’re doing, exploit what you’re doing, and then cause damage to destabilizing the U.S. It’s really the relevance of what you’re doing relative to what those nation-states want to get after.
CF: Can we expect to see more of these nation-state cyberattacks in the coming months?
EB: Absolutely we’re going to see more. There is probably another one that we don’t even know about yet. We’ll find out about it later and we’ll find out that it happened months ago. And the impact of these types of attacks has only accelerated and has been more damaging over the last few years. You can’t believe that things are …