4 Measures to Protect Your Business from Nation-State Attacks

07 March 2023

By NCC Group

State-sponsored, or nation-state, cyber-attacks are malicious cyber operations directed and instigated by a country or a country’s foreign intelligence services against a specific target. The aim is to further that particular nation’s economic or diplomatic interests.

Unlike regular cybercrime groups, nation-state actors rarely operate based on financial motivation. They are far more interested in retrieving trade secrets, intellectual property information, and any data that could serve to advance their sponsor country’s interests. 

Nation-state attackers are also adept at sleuthing; they’re far less destructive in their approach than regular crime groups, and rarely announce themselves. In fact, they aim for total stealth and to remain unseen. It's not uncommon for a nation-state-sponsored campaign to go unnoticed for months, or maybe even years, after it took place, if we ever learn about it at all. The stealthier and more untraceable an operation, the smaller the risk of diplomatic consequences.

Most worrying, however, is that these groups are incredibly sophisticated. Along with their sponsor’s resources, attackers are armed with a nation-state’s political power. Their capabilities often exceed those of regular cybercrime groups, and this makes them a force to be reckoned with.

Who’s at risk of state-sponsored cyber attacks?

State-sponsored cyber attacks are predominantly espionage campaigns, the primary target being government and local authorities. Here, the threat actors may find information about key people such as diplomats or any other high net worth individuals with influential power. 

Managed service providers and IT or security software vendors who manage the IT estate of any government or defense body are also in the crosshairs. Compromising a managed service provider could be the way to compromise whatever official authorities or industries the nation-state actors are after. And it comes with the bonus of potentially compromising more than one lucrative target at once. Pretty neat if you’re a state-sponsored attacker. 

How can I keep my business safe from state-sponsored attacks?

  1. Train your (and your business’) eye for phishing attempts.

Phishing is a widespread technique among nation-state actors, and cyber espionage campaigns in particular rely heavily on it. While it may sound very basic, it is critical to have a trained eye for spotting phishing and social engineering attempts. Even if you’re a sophisticated state-sponsored attacker, why bother with the complicated way in if the front door is wide open?

  2. Implement proper password policies to keep attackers at bay.

Several prolific campaigns have seen state-sponsored groups gain access to their target company by cracking passwords. Fortunately, while it’s a simple way for threat groups to gain access, there are also simple mitigations to stop it: multifactor authentication and appropriate password policies. No “password123”, please.

  3. Stay on top of patch management to avoid zero-days.

Something unique to note about nation-state actors is their ability to utilize and weaponize zero-day vulnerabilities exceptionally quickly. We’re not talking weeks, but rather days. The simplest way to mitigate this is good patch management. You’ll be doing yourself a favor if you have processes in place to stay alert to zero-day vulnerabilities and patch them as soon as possible. CISA is a good source of information; see, for instance, their latest advisory on the top 15 common vulnerabilities and exposures routinely exploited in 2021.

  4. Invest in seriously solid monitoring.

Monitoring also plays an essential role in protecting against state-sponsored attacks. A lot of intelligence exists around vulnerabilities, indicators of compromise, and indicators of attack. This intelligence gives us an understanding of the modus operandi of the various state-sponsored groups. If you make sure your monitoring is set up properly and that you feed it this type of intelligence relevant to your sector and type of business, you’re better set up for a quick reaction to an attack. 

Unsure if your business is prepared to fend off state-sponsored cyber-attacks?

If you’re feeling unprepared for nation-state threats, a helpful first step is to look at your online exposure. What technology and software do you use? Do you have any external VPNs that are accessible? Are any employees oversharing on social media? What could an outsider learn about your company just by looking at what’s readily publicly available?

It may be a time and resource-saver to invest in a one-time assessment to help you identify vulnerabilities in both externally and internally facing infrastructure. A penetration test will do the trick for most, but depending on your company’s level of maturity, assessments that look at your company from an attacker’s point of view might be a fruitful next step.

Next, ensure your monitoring is in place and don’t let it go hungry. Feed it the most up-to-date threat intelligence possible, and make sure you have a consistent resource for upcoming intelligence.

With your technology in place, it’s important not to forget about your people.

While it may not stop state-sponsored actors, you can slow them down by continuously training all staff in good cyber hygiene and boosting awareness around phishing and social engineering. Phishing attempts are rather fruitless if no one takes the bait.

While internal education of non-security personnel is invaluable, upscaling your security team is the fastest way to increase your business’ cyber security maturity level. If they don’t already know how to handle alerts, invest in them and get them ready.

Finally, devote some time and resources to ensuring your policies, governance, and, last but not least, incident response plans are in place. Easier said than done? Find some useful and practical advice on incident response planning in our guide.

State-sponsored attacks are a way of the world. They’re stealthy, they’re sophisticated, and their success or failure can have rather far-reaching impacts. But, if the basics are in order, businesses can help keep themselves and their clients safe.