Intelligence agencies belonging to nation-states perform cyber-espionage. That’s a fact, and it’s been a fact for decades. No worth arguing otherwise or claiming that they are breaking the law – it’s their mandate and they don’t try to hide it.
I’m not surprised when Leo Messi scores a goal, when a fireman puts out a fire or when a politician lies, so why should I be surprised when intelligence agencies gather intelligence? It used to be all about HUMINT, VISINT, SIGINT, OSINT, and now it’s about CYBINT (which is actually just a natural part of SIGINT). And everybody’s in it.
Free eBook: Modern Retail Security Risk – Get your copy now.
Recently, it seems that every other day some cyber research company (or comrade Snowden) gets headlines after they publish a long and colorful report regarding “the latest, most advanced, longest-lasting, stealthiest, most widespread” cyber-espionage campaign performed by a “nation-state entity”. Wow! That’s terrible news! If that’s the case I should just open a bottle of scotch and sing “We’ll meet again” as I wait for the end of the world (I’ll probably do that anyway, without the “end of the world” part).
I should (a) remember that those companies are trying to scare me into buying their products even if the threat is not directed at me, and (b) remember what those agencies’ objectives are, what their assets-of-interest are, and see if it actually affects me. If I’m a government agency or part of the military/defense sectors, well, I should probably consider myself a viable target for national level espionage (and especially cyber-espionage) and prepare accordingly. But if the assets I hold in my networks and databases are close to irrelevant for nation-states, why should I be so alarmed?
It’s easy to say: “well, if I’m going to be hacked anyhow, I should just give up”, but that’s not helpful, and moreover, you’d have to bear the severe consequences. It’s imperative for companies and organizations, no matter the size, sector or location, to take a deep breath, map and prioritize their assets in their different environments, and then make an informed, rational cyber-security decision, rather than react to fear and intimidation.
To read about this, please view the original article on Cytegic’s blog here.
Cy-te-gic /pronounced: sʌɪ-ˈtē-jik/ adjective: A plan of action or strategy designed to achieve a long-term and overall successful Cyber Security Posture Optimization – “That firm made a wise Cytegic decision”.
Cytegic develops a full suite of cyber management and decision-support products that enable to monitor, measure and manage organizational cyber-security resources.
Cytegic helps organization to identify threat trends, assess organizational readiness, and optimize resource allocation to mitigate risk for business assets.