Universities and advanced manufacturing among silent targets from hostile nation states, warns security expert

Alongside the risks posed by everyday cyberattackers, business in the UK specifically should be aware of the cyber espionage threat.

That’s the warning made by Adam Louca, chief technologist for security at IT infrastructure provider Softcat.

Louca said that while government infrastructure was the most obvious target for cyberattacks ftom hostile nations, even organisations not working closely with Government could also be at risk.

He told BusinessCloud that firms with advanced manufacturing capabilities, intellectual property or leading scientific research were in the crosshairs – and they may not be aware of the attack’s existence.

“Attackers are generally looking to dig deep into a network to steal information that advances their capabilities, rather than demand a ransom,” said Louca.

“It can take place over a long timeframe, often without an organisation realising the threat is there, infiltrating deep into a system and rendering it untrustworthy, even after remediation has been carried out.”

Louca said that the private sector is finding itself increasingly in the crosshairs recently, either as a direct target or as collateral damage.

He said firms don’t even have to be working closely with the Government to find themselves a target by nation states or ‘hackers for hire’.

The UK’s Centre for the Protection of National Infrastructure (CPNI) considers the UK a high priority target for espionage, with many countries actively seeking UK information and material to advance their own military, technological, political and economic programmes.

Louca said that targets extend as far as for education, where new technological innovation is being developed.

“We often see the research and university sector hit at high frequency by these types of threat actors,” he said.

“Often these organisations have underfunded or staffed Cyber Security programmes that do not match up to the value of the data they hold.”

Asked about the government’s role in identifying and remediating this damage, Louca recognised that the government is taking a more active role in communicating threats which it deems espionage.

There is also support from NCSC, the civilian arm of GCHQ, who monitor for signs of compromise and alert organisations so they are able to proactively respond, he said.

For firms who might be at risk, Louca advised that a first step was to increase security around phishing threats, poor password usage and vulnerability management.

Once a baseline of cybersecurity measures were in place, he said machine learning-based detection methods could provide an additional layer of protection for both the firm and the wider cybersecurity of the UK.

“Automated mechanisms like machine learning, delivered by specialist providers, are helping organisations monitor behaviours across their network to spot anomalies which would’ve otherwise slipped under the radar,” he said.

“Information gained in this way can then be shared across thousands of businesses to improve cyber security strategies across the board.”

But, he cautioned, machine learning “will not provide a guaranteed ability to recognise an attack.”

“The downside to this approach is it requires validation to monitor false positives as there could be, although unlikely, a legitimate reason for performing an action – maybe the user is a developer and this is part of their role.”