Connect with us

Hi, what are you looking for?

Business

Business lessons from Salt Typhoon

Operational simplicity remains key for organizations to detect Salt Typhoon activity.

What would a cyberattack on your local government look like? Drata analyzed threat trends to break down the growing issue.
What would a cyberattack on your local government look like? Drata analyzed threat trends to break down the growing issue. - THOMAS SAMSON/AFP // Getty Images
What would a cyberattack on your local government look like? Drata analyzed threat trends to break down the growing issue. - THOMAS SAMSON/AFP // Getty Images

Cyber-espionage group ‘Salt Typhoon’ targeting ‘at least’ eight US telecom and telecom infrastructure firms, according to The Guardian. U.S. government agencies have held a classified briefing for the House of Representatives on Salt Typhoon. This was the largest intelligence compromise in US history and it sparked a call to all U.S. citizens to switch to encrypted communications.

Providing insights on Salt Typhoon and how organizations can proactively defend against APTs for Digital Journal is Renuka Nadkarni, Chief Product Officer at Aryaka.

Nadkarni explains why the recent incident carries potential concerns for businesses: “Events like Salt Typhoon underscore how enterprises and users remain susceptible to breaches due to dependencies on external infrastructure. As distributed applications increasingly rely on public clouds, SaaS, and global service providers for computing, storage, and networking, organizations face expanding attack surfaces outside of their control. Breaches become a matter of “when” not “if.”

There are structural reasons why vulnerabilities occur, linked to organizational setup and culture. Here Nadkarni reasons: “Many organizations rely on fragmented solutions from various vendors, leading to a lack of integration and limited visibility across their infrastructure, making it challenging to detect hidden malware. There is a lack of visibility due to complex environments such as sprawling IT systems with numerous endpoints, servers, and cloud integrations, which makes monitoring harder. Many organizations don’t log enough data or retain it long enough to trace the full extent of the compromise.”

As a solution, streamlining is key. Nadkarni thinks: “Operational simplicity remains key for organizations to detect Salt Typhoon activity. These processes can become burdensome and difficult to sustain. Establishing clear roles and responsibilities for managing security policies and procedures is essential to maintaining an effective and manageable defence.”

There are other measures that can be taken. Nadkarni recommends: “In addition to the guidance released by the FBI and CISA, organizations should adopt a zero-trust architecture that requires authentication and authorization for every access request, to help limit lateral movement and minimize the impact of a breach.”

Furthermore, Nadkarni proposes: “Additionally, organizations should prioritize threat hunting by monitoring known APT-related indicators of compromise (IOCs) and indicators of Attack (IOAs). By utilizing network segmentation and AI-driven automation, organizations can quickly detect, triage, and respond to APT activity.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

The partnership will raise awareness of the vital role that CIOs and senior technology leaders play in shaping the future of business.

Business

James Keirstead shares Levven’s journey of innovation, overcoming industry resistance and regulatory hurdles to revolutionize home wiring.

Social Media

Social media Meta made hundreds of thousands of dollars last year from content posted by a well-known pro-Russian disinformation network.

Tech & Science

Stargate could be a great move or a huge comeuppance. We’ll see.