I struggle with this a bit. I 100% agree that a small org can ever expect to defend *fully* against the full might of a nation-state. But the situation is complex and, actually, they probably can defeat 99% of the things nation-state attackers do. (cont'd 1/??) https://twitter.com/ciaranmartinoxf/status/1343658301821751296
That is why it is complex and saying the Government must take over and save them is pretty much doomed, while simultaneously promising something which will never happen.

No government has the resources to defend anything other than critical infrastructure properly. Even then...
In practical terms, the overwhelming majority of nation-state attacks are *trivial*; we just focus on the exciting outliers because that helps drive budgets and get headlines. Phishing is *still* the main way a nation-state will pop your environment.
But it is still complex. In practical terms, for a defender, there is almost no difference in an attack from a nation-state and an attack from a criminal group. Often there is no difference between a nation-state and any form of threat actor. Phishing is still phishing.
Even when it comes down to objectives, telling the difference between Nation-State and Criminal-Group is difficult. Often it is largely pointless. Do you care if ransomware is a criminal group or North Korea? Does it make a difference in how you respond? Rarely is the answer yes.
Often, even if it does matter, you won't know it is a nation-state or not until you are quite advanced into the incident response. It is fairly rare to know this while you have an active attacker, so the question becomes what could the government do to help?
It also feeds into the problem where organisations who have clearly shoddy security processes cry "nation-state" and claim it is all not their fault (TalkTalk, for example). Even when it turns out to be skiddies.
Fundamentally, you defend against a Nation-State exactly the same way you defend against a script kiddie. Mail filtering, traffic monitoring, default-deny outbound, etc. all work just as well. If you can't do them against an APT, you can't do them against some idiot with Kali.
Fundamentally, while the Government *should* help, it has to be the responsibility of every company to defend their resources. The help is already there, it just costs money so it gets ignored.
You can follow @tazwake.