Cyberattacks against US business, the ‘perfect asymmetric weapon’

By Josh Bradford on October 30, 2017

Hacker with laptop initiating cyber attack

Geopolitical tensions across the globe expose US companies to as they are viewed as elements of US national power. According to experts speaking at Advisen’s Cyber Risk Insights conference in New York last week, these countries consider cyberattacks the “perfect asymmetric weapon.”

“In a sense being an American company does unfortunately carry a great risk from nation-state attacks because they [nation states] see the strength of the US economy underpinning the larger military and political power of the United States,” said Haris Shawl, Manager, PwC Cyber Threat Operations.

The risk is real for all segments of the US economy. There is often a flawed assumption that only the government, government contractors, and the largest of companies are targets of nation-state cyberattacks. But the panelists agreed that small and midsize companies are equally, if not more, at risk.

“In the SME space there tends to be a belief that if we’re not Lockheed, L3, GM or Google, we won’t be attacked,” said Reid Sawyer, SVP, credit, political & security risks, JLT Specialty USA.  “But the problem with that is most of the innovation occurs on the periphery. Small emerging tech firms are working on some of the most cutting edge aspects of technology, business processes and IT systems. So the extraction of that value for a nation state, or the disruption of those attacks, is more significant.”

Sawyer continued:  “And second to that, in the SME space they don’t have the same amount of dollars to spend on IT defense and on the systems to protect themselves, so they themselves become the softer target.”

Many of the softer SME targets are business and supply chain partners of larger corporations. As a result, nation-state actors often use them as entry points into the more valuable targets.

A recent example is the NotPetya ransomware attack where it is believed a nation state compromised Ukrainian software accounting program M.E. Docs and pushed an update to all the Ukrainian government organizations which were required by law to have the software.


This story in an excerpt of the original. The content originally appeared in Cyber Front Page News.
To read the full story, you must be a subscriber. If you are a subscriber, check your email for Cyber Front Page News on October 30, 2017.

Josh is an Editor at Advisen in the Research & Editorial division. He is the lead editor responsible for several of Advisen’s Front Page News editions and he also originates custom research on behalf of Advisen’s largest insurance company clients. Contact Josh at [email protected].