Resources

News & Thought Leadership

Check out the latest news, insights, and updates.

Videos & Podcasts

See and hear more about our capabilities and tech.

Frequently Asked Questions

Uncover answers + common myths and misconceptions.

The Data Triad

Discover why protecting Data in Use is critical.

Company

About Us

Learn our story and meet our team.

Our Partners

Explore our collaborations to advance secure data usage.

Careers

We're hiring!
Consider our active openings — Join our team!

Use Cases

We're hiring!
Unlock untapped opportunities across verticals.

Verticals

Public Sector

Mission-enabling, transformative data usage for federal users.

Financial Services

Secure and private data sharing across silos and jurisdictions.

Healthcare

Securely use and collaboration with sensitive, health-related assets.

Secure AI

Enhance decision making, protect privacy, and combat ML/AI risks.
We've just released an article!
Highlights of tremendous progress in the Privacy Enhancing Technologies market
Book a Demo
May 30, 2019

SecurityWeek: Nation-State Security Is A Private Sector Necessity

Enveil CEO Ellison Anne Williams writes about the importance of nation-state level security in the private sector and why companies must be informed and prepared to face such threats.

Attackers With the Backing and Sophistication of Nation-States Are Increasingly Targeting Commercial Entities

There is no one-size-fits-all mold for attackers in the security space. We can – and should – do our best to stay informed regarding the latest threat assessments, industry trends, and breach disclosures. While threats facing private industry and government may once have looked distinctly different, the line separating attackers pursuing these two arenas is now so blurred that it’s often hard to distinguish one from another. Nation-state attackers who once could be  identified by a combination of targets, motivations, and tactics no longer fit cleanly into a specific box. Attackers with the backing and sophistication of nation-states are now targeting commercial entities for reasons ranging from financial gains to cultivating economic, social, and political disruption.

U.S. Director of National Intelligence Daniel Coates highlighted the uncertainly associated with these increasing threat actors in his 2018 Worldwide Threat Assessment:

The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected—with relatively little built-in security—and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits.”

Attack vectors that were once reserved for highly sophisticated nation-state actors seeking diplomatic or military intelligence have now become pervasive in the commercial world. It’s now reached an undeniable scope and scale with far reaching consequences. Nation-state security is now a private sector necessity and enterprises must be informed and prepared to face these threats.

Recently, the National Counterintelligence and Security Center initiated an awareness campaign called “Know the Risk, Raise your Shield” to warn U.S. companies of the importance of defending against nation-state attacks. The communications cite increasing attacks on government and corporate systems by groups, including Chinese, Russian, and Iranian intelligence, looking to steal databases and trade secrets. "The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars,” said NCSC Director William Evanina. The effort specifically warns against the attacks on corporate supply chains, spear-phishing emails, and social media deception as possible network entry points.

The worst thing we can do is underestimate an attacker. Risk assessments and breach investigations are incredibly important in the ongoing battle to stay ahead of attackers, but the information we gather after a breach event occurs can only do so much to prevent the attack on the horizon. As great as security practitioners are, they don’t have crystal balls. At the end of the day, we’re left combating an enemy we can’t fully define and we’ve reached the point where the only safe assumption is preparing as though all attackers attempting to infiltrate your network will be armed with a nation-state level of sophistication. We continue to see a surge in the number of organizations embracing the Zero Trust security model, a concept centered on the assumption that every environment in untrusted, no matter if it’s inside or outside an organization’s perimeters.

When considering nation-state attackers, there are a number of ways to begin ensuring your organization is battle-ready:

Know your data assets: Data and IP-rich businesses are prime targets for state actors using sophisticated techniques. These attackers often focus on an organization’s Crown Jewel data, the information that holds the most value because of its significance and/or potential for disruption. Organizations need to identify assets that fall into this category and recognize that they require an extra level of protection.

Think like an attacker: Identify your most vulnerable attack vectors and have specific response plans in place. Conducting regular risk assessments and red-team operations is a great way to uncover potential weaknesses in your overall security posture. Such evaluations must be performed regularly – vulnerabilities develop at the speed of innovation.

Evaluate your arsenal: Are there holes in your defenses? Ensure the products you use adhere to industry standards, evaluate your third-party touch points, and understand your best tools to combat specific threats. Standards and best practices are some of the most relevant tools we have to evaluate the effectiveness of a given technical solution. While the innovative leadership role of the private sector is undeniable, the reality is that the government and nonprofit groups issuing these recommendations have been in the battle for longer than most of the solutioning companies have been in existence. It doesn’t mean that they know everything – or share everything they know – but it is certainly worth heeding the guidance they provide.

Continue to update and evolve: Unfortunately, an effective security strategy is a moving target. Attackers are constantly discovering new tactics and targets and so our protection strategy must be elastic as well. Sometimes this means patching and implementing incremental improvements; sometimes it means flipping the whole strategy on its head. The most dangerous security foe is often complacency.

By recognizing the pervasiveness of nation-state attackers in the commercial market, identifying vulnerable attack surfaces, and committing to the necessary groundwork required to prepare your systems, security teams can ensure their company is ready to defend against these sophisticated attackers.

Read the full article at SecurityWeek.

To learn more about the expanded value unlocked by Enveil, please schedule a meeting.
Enveil Logo
Enveil is a pioneering Privacy Enhancing Technology company protecting Data in Use. Enveil’s business-enabling and privacy-preserving capabilities change the paradigm of how and where organizations can leverage data to unlock value. Defining the transformative category of Privacy Enhancing Technologies (PETs), Enveil’s award-winning ZeroReveal® solutions for secure data usage, collaboration, monetization, and Secure AI protect the content of the search, analytic, or model while it's being used or processed. Customers can extract insights, cross-match, search, analyze, and leverage AI across boundaries and silos at scale without exposing their interests and intent or compromising the security or ownership of the underlying data. A World Economic Forum Technology Pioneer and Gartner Cool Vendor, Enveil is deployed and operational today, revolutionizing data usage in the global marketplace.
Copyright © 2024 Enveil | Privacy Policy