By Josh Riley
Chief Insurance Officer, Paladin Cyber
The overall pattern hasn’t changed much. When diplomatic negotiation fails or is abandoned, the resulting tension is often resolved through the quarreling parties trading new attempts at creating leverage. One shows its might with an attack, then the other argues against that advantage with a proportional strike of its own.
This holds true even when battles are waged online, but the conflict itself and its likely targets are not as well understood.
Adding to this confusion is a level of connectedness that many of us fail to appreciate, wherein civilian businesses can inadvertently create legitimate access opportunities at military targets. So, while ordinary businesses might not consider themselves relevant to international conflict, they may well be natural targets for hostile state-sponsored activities.
When speaking to your client, consider the likely motivations for state-sponsored attacks, and think about whether those motivations are relevant to your client’s business. A state-sponsored cyberattack on the U.S. is likely to prioritize disruption and/or intelligence gathering. Let’s discuss both in more detail.
During World War I, before the U.S. had even entered the fighting, Germany launched an attack on U.S. soil. The Black Tom bombing destroyed an important arms shipping and assembly center in New York. This action significantly disrupted the supply chain for munitions being sold to Britain, France and Russia.
In the internet age, nothing so brazen as a bombing on U.S. soil would be required to interrupt munitions operations. Access to construction and manufacturing subcontractors involved in arms design, production or distribution or in the construction of the facilities housing those functions could allow hackers to impact the ability of the U.S. to arm itself or its allies.
If your client maintains government contracts in these areas, or has a client base that is routinely involved in these projects, then they represent a potential access point for a foreign actor. The first priority should be to keep their employees on alert. When it comes to gaining access, the first task for a hacker is almost always using social engineering to obtain employee credentials.
The groundwork for intelligence gathering also lies in social engineering. One effective way to find optimal targets for social engineering is through collection of sensitive personal information. We tend to think of such information in terms of ID numbers and record counts, but qualitative data points can be just as valuable.
By targeting legal, financial and health services providers in high-importance areas such as Washington, D.C., or communities near military bases, foreign agents gain insight into who is most susceptible to being turned into an intelligence asset. Helping your client understand that they hold information that could be used as leverage against key military personnel should underscore the importance of data security. Discipline in email and browser use, along with overall safe computer use practices, can drastically reduce the risk of a service business creating a U.S. intelligence vulnerability.
While the patterns of international conflict are familiar, the rise of cyberattacks as an option for aggression has added complexity to the methods and players involved. Yet in the face of this complexity, it’s important for risk advisors to remind their clients that user behavior is still the silver bullet when it comes to prevention. Understanding that even your private sector clients may have exposure to this risk provides yet another reason for you to help them sharpen their focus on the fundamentals of effective cybersecurity.
Learn more about Cyber Sphere, an innovative product that combines Argo Cyber coverage with Paladin’s suite of loss-control software.