A recent article in CSO Australia by David Braue is titled “Businesses Risk Becoming “Collateral Damage” in Nation-State Cyber Wars.” The author interviewed CrowdStrike CSO Shawn Henry on why organizations need to plan now in order to minimize the consequences if attacks escalate “beyond proportionality.”
The article explains Henry’s view that recent revelations of widespread and sophisticated cyberattacks by North Korea aimed at financial gain should serve as warnings that businesses risk becoming targets because of the highly interconnected nature of today’s environments.
The article explains that a recent confidential United Nations report suggested that North Korea had managed to steal up to $2 billion via sophisticated cyberattacks, which it was using to fund military developments.
Henry explains, “You don’t want to be the splashback from an attack on somebody else, but because all of the networks are connected, the danger is very high for that to happen.”
Attacks Getting More Brazen
Breakout Time is Critical
The article also addresses “breakout time” as discussed in the CrowdStrike 2019 Global Threat Report, which is the time from initial compromise by an intruder to jumping to other systems. As the report found, nation-state actors and eCrime groups vary widely along this metric with times as low as 19 minutes for Russia-affiliated cybercriminals. The article states “That’s just 19 minutes between initial compromise and lateral movement within a target network — putting additional pressure on CSOs to implement effective detection and response measures.”
Organizations Need To Be Vigilant and Proactive
In summary, Henry emphasizes what he sees as the need for organizations to take a more active approach to their cybersecurity. “I see a lot of boards and CEOs who are very attentive and have a sense of urgency and understand the business risk — but I still bump into organizations that have a laissez-faire attitude about cybersecurity and feel that they will deal with it if it happens,” he says.