Lessons for Organizations from the South Korea Defense Agency Cyber Attack

The importance of administrator authentication

Two-step authentication is a vital protection not just against attacks on DLP software, but against any similar cyber attack that targets vulnerable programs and apps with high-level administrative access.

Dana Tamir, VP of Market Strategy at Israeli enterprise-focused cybersecurity company Silverfort, expands upon the importance of multi-factor authentication in business settings:

“Protecting privileged access to sensitive systems and resources is critical to organizations. If privileged accounts, credentials or secrets become compromised, an adversary may gain unfettered access to the organization’s crown jewels. Requiring administrators to authenticate with a second authentication factor (MFA) can prevent unauthorized access by hackers. Until today it was difficult to add MFA for privileged access, but a new generation of agentless MFA solutions can now seamlessly secure any access to any sensitive systems, including administrative consoles, SSH, RDP and session managers.”

Institutional culture and network security

As Dana Tamir points out, it is now possible to implement MFA even with legacy networks for which it previously would not have been viable. The only real stumbling block is institutional rigidity.

Colin Bastable, CEO of Lucy Security, aptly points out how the South Korean military structure may have been a prime example of organizational rigidity getting in the way of best security practices:

“Hackers taking control of DLP (Data Leakage Prevention) software is sub-optimal, to say the least. We must assume that the damage is far more severe, pervasive and extensive than stealing some purchase orders. The Koreans have not yet found out how bad it is.

“South Korea is the front line of the second Cold War: it is a highly centralized, fully wired, very advanced cyber-aware society with a strong top-down culture; this makes them especially vulnerable to cyber attacks. There’s a fundamental problem with military organizations and cybersecurity – there are few rewards for questioning security of systems, and lots of career downside. No one gets promoted for exposing the failings of a senior officer. In such cases, the first instinct of the military is to close ranks, get rid of the troublemaker and promote the incompetents out of the way.

“Obeying orders and countering cyber attacks do not go hand in hand, which is why hackers, whether state actors or schoolkids in their rooms, will always find a way in.”

The military is an extreme example, but certain elements of this are not uncommon in entrenched corporate cultures: for example, a culture in which members feel it is not safe to share opinions on or information about cybersecurity, or a very rigid culture in which a non-tech-savvy CEO makes relevant decisions on behalf of the entire C-suite with little input from below. Some companies prioritize sparing their members public embarrassment over implementing and maintaining proper cybersecurity policies, as was famously demonstrated when Uber paid off its attackers to cover up its high-profile 2016 data breach. And at other companies, cybersecurity is treated as another budget item (to be trimmed whenever possible) rather than a critical core component of everyday operations.

Not just for governments and enterprise businesses

The South Korea attack made national news because it penetrated a government agency, but government agencies and large corporations are not the only targets for attacks such as these. In fact, data indicates that hackers in general have an almost equal preference for small businesses, because they view them as softer targets.

Does that mean your business will be attacked by Kim Jong-un and his North Korean hackers? It’s not all that likely … but it’s also far from impossible. Keep in mind that North Korea is widely believed to have been behind the “WannaCry” ransomware attacks of 2017 (according to the United States) that resulted in damages in the hundreds of millions of dollars across 150 countries. The North Korean regime is strapped for certain resources yet has high-level cybersecurity researchers working for it, so hacking easy targets for profit is clearly not out of the question.
