Have nation state cyber attacks become a concern for all organizations?

Security Strategy & Roadmap Threat Intelligence & Incident Response Risk Management

2k views1 Upvote3 Comments

Sort By:

Oldest

Sr. Director of Enterprise Security in Software2 years ago

I'm not affiliated with the government anymore, so I'm not as concerned about cyber attacks from other nation states as I once was. But one of the interesting things about my role at Front is that Front is an email collaboration app. We ingest all of your email into our app and then there are all these other functions that exist around email like commenting, chat and shared email. We're ingesting all our users’ email data, so we have to be just as secure as whatever mail service they're using.

As we start looking at information campaigns and disinformation campaigns, we've talked about how holding onto that kind of information makes you a target. I don't think a company of our size would show up on someone's radar, but the data we have certainly could. Once you start figuring out what kind of data you hold as an organization, you can put yourself at risk of being a bigger target than you were previously.

Founder/Chairman/CTO in Telecommunication2 years ago

Considering SolarWinds and various campaigns that have happened over the past two years, it’s clear that nation states don't care as much about getting caught as they used to. There used to be a real focus on stealth and targeted attacks. But there's been a shift to things that are more opportunistic, which brings a broader group of targets into scope. For organizations that previously thought, "A nation state's not going to concern themselves with what we're doing, or what we've got access to from an information standpoint," some of that calculus has shifted quite a bit over the past two years.

In terms of vulnerability management, we’re digging into the threat intelligence side of things at Bugcrowd. We’re trying to understand what campaigns are being launched or planned against companies like ours, while also making sure our systems are resilient enough to stay ahead of all those things. It amounts to productive paranoia. You end up thinking about this stuff more than you would like to, but it becomes quite productive.

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

Peer Discussions and Polls
One-Minute Insights
Connect with like-minded individuals

Senior Information Security Manager in Software2 years ago

I wouldn't say we're below the radar, but we’re not among the top 100 types of companies Russia would want to make a statement with in the US. But Russian cyber attacks are definitely a concern for everyone, because they've got thousands of well-trained hackers who see a lot of profit in attacking American systems. When you consider that a person could live 10 years off a single attack, they have massive incentives.

Content you might like

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile Devices Security+2 more

VP of IT in Retail3 days ago

My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more

82 views1 Comment