The US Government does a very good job of technically securing its systems. There is rarely a report of attackers compromising US Government computers through technical exploits. So, how do attackers do it?

A recent report in The Hill describes how Chinese and Russian cyberwarriors are using the same tactics to cyberattack the United States Government. What are these common tactics? Spearphishing emails. Why would two adversaries adopt identical tactics?

About 2,500 years ago Sun Tzu, the Chinese general, strategist and tactician, wrote what is considered by many to be the definitive work on military strategy and tactics — the Art of War. Among the principles he set forth are these:

  • All warfare is based on deception.
  • So in war, the way is to avoid what is strong, and strike at what is weak.

In a spearphishing attack, the attackers use deception to target the weakest element in every computer network — the users.

Attackers know how to get small volumes of email delivered. Email delivery is not a secret because email is a standards-based system open to everyone. Attackers know that users, not IT, will decide what emails to open — at the peril of the enterprise. SP Guard strengthens defenses by allowing IT to give real-time intelligence to the real decision-makers — users.