Last week we spoke about business risks emerging from the convergence of technologies. This week we are throwing some light on how geopolitical conflicts between nations are spilling over into cyberspace and causing significant losses to businesses that are not connected in any way to these conflicts.
State back Advanced Persistent Threat (APT) actors are increasingly targeting non-critical sectors and business infrastructure across the globe. The objectives seem to be:
- Exfiltrate data to keep tabs on the manufacturing capabilities of countries competing in open markets
- Test the potency of test malware and weaponized communication means
- Use the technology infrastructure in the target companies to launch attacks on other businesses in the country
- Study the digital footprints and architectures of existing and new pieces of hardware and create rouge digital twins to fool perimeter-based cybersecurity systems
With the convergence of tech and lack of integrated cybersecurity and means to prevent lateral movement of malware, many digital transformation projects are sitting ducks for APT groups and unaffiliated malware developers.
It is therefore essential to plug such gaps to secure your digital infrastructure. Follow these steps to secure your infrastructure:
- Be asset-aware: know which devices and networks are always connected
- Prepare a risk-vulnerability matrix
- Treat cyber resilience as a phased activity
- Classify and segregate assets and networks that connect to them
- Conduct periodic security and vulnerability analysis
- Harden configurations, networks, and processes periodically as a rule
Subex Secure has been securing complex digital transformation projects involving the Internet of Things (IoT) and Operational Technologies (OT) for a while. We have a solution that can detect and flag threats early, prevent lateral movement of malware and help detect rogue and fake devices trying to latch on to your network.
You can find out more about our capabilities here.
Nat will be glad to help in case you wish to learn more. You can drop her a line: firstname.lastname@example.org.