The best-case scenario for a data breach is not to be breached in the first place. However, breaches do happen, and statistically speaking, the chances increase year on year that your firm will experience some type of attack to access or encrypt your firm’s data. Attackers are often motivated by three things: money, notoriety, and politics. Most attacks on small firms are of the first two varieties, but in the last five years, we have seen a significant increase in the third variety: political cyber-attacks. Today, we will examine what constitutes a political cyber-attack and why it is essential for your firm to take such motivation seriously. Though you will find that the defensive strategies deployed against political cyber-attacks are almost identical to those used against other types of attacks, it is still important to understand the motivations behind these attacks and why they are so dangerous.
Political cyber-attacks often come in two varieties. First, there is hacktivism, in which an attacker carries out the attack to make a political statement rather than for financial gain. Think of a cyber-attack executed by an environmentalist group against an oil company. While they might also be motivated by notoriety for their cause, their primary purpose would be to disrupt the operation of a company that they view as harmful to the environment. Though disruptive, hacktivist attacks can often be lumped together with attacks of other persuasions in that a single person or an organization executes them. Also, these individuals and organizations operate within the confines of their host country. This means that if you manage to identify your attacker and wish to take legal recourse, it might be possible for you to do so, given the host country’s willingness to prosecute. Where this scenario becomes untenable is in the second variety of political cyber-attack: state-sponsored attackers.
State-Sponsored Cyber-Attacks (SSCAs) are, as the name implies, attacks carried out at the behest of a nation-state's government, military, or an official outsourcing the attack to a third party. This variety often comes in two forms. The first is cyberespionage, wherein the attacking nation-state attempts to gather sensitive information without being discovered. The second is offensive operations, where an attacker will try to disrupt a foreign entity's operations, either governmental or business. We've already seen several examples of SSCAs that have taken place this year. One of the most prominent examples is the confirmation of Vatican computer systems' infiltration by Chinese hackers with the apparent goal of cyberespionage. While it is true that these actions cannot be directly tied to the Chinese Communist Party, the CCP has been known to outsource SSCAs in the past to maintain deniability.
The goal of an SSCA is to further the aims and objectives of the attacking government, so do not be surprised if the lines between targeting a government and targeting a private entity become blurred. It would be unwise for you to think that your company is too small or irrelevant to be the victim of an SSCA. Just because you feel your firm’s information may be irrelevant to an attacking state does not mean they see it that way. In any case, your firm should consider SSCAs just as dangerous as any other cyber attacker and, in some ways, maybe even more so.
As stated above, most cyber attackers fall within the purview of their government. If you are the victim of an attack and wish to take legal action against your attacker, you will typically do so through the attacker’s government. Results will vary depending on how willing and competent said governments are in prosecuting attackers. However, what happens when the attacker IS the government in question? This is where legal action becomes almost impossible. If the government is sanctioning the attack, then your options for recourse are very limited. Depending on the scope of the damage, you might be able to ask your government to intervene on your behalf, but that gets into matters of international diplomacy beyond this article's scope. The tactics and targets employed by SSCAs are often the same as those used by other attackers, which means that the solutions are also very similar. In the instance of an SSCA, the best offense is a good defense, where you take every reasonable action to defend your firm and its digital assets from attackers, be they state-sponsored or otherwise.