Businesses are under attack from all corners of the globe, and while many organisations may think that nation-state threat actors would never target or be interested in them, the reality is that no one is exempt from security threats.
Security leaders need to stay up to speed on the latest threat intelligence, either through an in-house capability or via third-party threat intel providers. Once they understand the tactics, techniques and procedures (TTPs) deployed by these threat actors, organisations can ensure they have robust mechanisms in place to digest and act on this information and implement appropriate controls.
Organisational culture plays a key role in ensuring everyone is aware of the threats and risks posed to the business. It is vital that leaders educate users on what the most prevalent threats may look like and how to respond; this is a primary defence in protecting their business.
Social engineering remains one of the most widely used methods of attack, so implementing processes that are resistant to individual compromise is key. Using phishing-resistant authentication methods, ensuring strict identity governance and control, and having a well-tested incident response capability are all crucial steps in preventing and mitigating these types of attacks.
Unfortunately, securing your own organisation is not enough: historically, nation-state threat actors have taken advantage of weak third-party suppliers and supply chain governance. Having strong supply chain governance and assurance is now one of the top trends across industries, and it is critical that businesses understand the dependencies and access that suppliers have.
If prevention fails, lateral movement post-compromise is one of the first actions threat actors will attempt, so endpoint detection and response and zero-trust solutions that can prevent and detect unauthorised access are also vital.
In 2023, 1.9 billion session cookies were stolen from Fortune 1000 employees. With a stolen session token, attackers bypass MFA, which makes the attack much harder to detect and respond to. Having solutions in place as part of a zero-trust architecture to detect session token replay attempts can stop these attacks and alert on possible credential or endpoint compromise.
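As an added illustration of session token replay detection (not code from this article or from any vendor), the sketch below binds each session to the client context that first presented it and flags later use from a different context. The event fields, the `device` fingerprint and the alert names are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int          # epoch seconds
    session_id: str  # opaque session identifier (never log the token itself)
    user: str
    ip: str
    asn: int         # network that owns the source IP
    device: str      # hypothetical client fingerprint, e.g. hash of UA + TLS traits

def detect_replay(events):
    """Flag sessions used from a context other than the one they were issued to."""
    bound = {}   # session_id -> first event seen for that session
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        first = bound.get(ev.session_id)
        if first is None:
            bound[ev.session_id] = ev   # bind the session to its issuing context
            continue
        if ev.device != first.device:
            # Same token, different client: the strongest replay signal.
            alerts.append((ev.session_id, ev.user, "device_mismatch", ev.ip))
        elif ev.asn != first.asn:
            # Same client on a new network: may be roaming, so lower severity.
            alerts.append((ev.session_id, ev.user, "network_change", ev.ip))
    return alerts

# Constructed sample events (documentation IP ranges and ASNs).
SAMPLE_EVENTS = [
    Event(100, "s1", "alice", "192.0.2.10", 64496, "dev-a"),
    Event(130, "s2", "bob", "198.51.100.5", 64497, "dev-b"),
    Event(160, "s1", "alice", "192.0.2.10", 64496, "dev-a"),
    Event(220, "s1", "alice", "203.0.113.77", 64500, "dev-x"),
    Event(400, "s2", "bob", "198.51.100.99", 64498, "dev-b"),
    Event(410, "s3", "carol", "192.0.2.44", 64496, "dev-c"),
]

if __name__ == "__main__":
    for alert in detect_replay(SAMPLE_EVENTS):
        print(alert)
```

A `device_mismatch` alert is the case to act on by revoking the session and forcing re-authentication, since it points to credential or endpoint compromise rather than ordinary roaming.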
Ultimately, collaboration and partnership across organisations and industry will help organisations understand these threats and the risks posed by nation-state actors and, more importantly, allow them to work together to prevent them.
Stephen McDermid is EMEA CSO at Okta