Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Advertising and Sponsorship
    • Profile & Readership
    • Contact Us
    • Latest News
    • Privacy & Cookies Policies
    • Terms of Use
    • Advertising Terms
    • Issue 81
    • Issue 80
    • Issue 79
    • Issue 78
    • Issue 77
    • Issue 76
    • Issue 75
    • Issue 74
    • Issue 73
    • Issue 72
    • Issue 71
    • Issue 70
    • View All
    • About the Awards
    • Awards Timetable
    • Awards Winners
    • Submit Nominations
    • Testimonials
    • Media Room
    • FAQ
    • Asset Management Awards
    • Brand of the Year Awards
    • Business Awards
    • Cash Management Banking Awards
    • Banking Technology Awards
    • CEO Awards
    • Customer Service Awards
    • CSR Awards
    • Deal of the Year Awards
    • Corporate Governance Awards
    • Corporate Banking Awards
    • Digital Transformation Awards
    • Fintech Awards
    • Education & Training Awards
    • ESG & Sustainability Awards
    • ESG Awards
    • Forex Banking Awards
    • Innovation Awards
    • Insurance & Takaful Awards
    • Investment Banking Awards
    • Investor Relations Awards
    • Leadership Awards
    • Islamic Banking Awards
    • Real Estate Awards
    • Project Finance Awards
    • Process & Product Awards
    • Telecommunication Awards
    • HR & Recruitment Awards
    • Trade Finance Awards
    • The Next 100 Global Awards
    • Wealth Management Awards
    • Travel Awards
    • Years of Excellence Awards
    • Publishing Principles
    • Ownership & Funding
    • Corrections Policy
    • Editorial Code of Ethics
    • Diversity & Inclusion Policy
    • Fact Checking Policy
    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    A global financial intelligence and recognition platform delivering authoritative insights, data-driven analysis, and institutional benchmarking across Banking, Capital Markets, Investment, Technology, and Financial Infrastructure.

    Copyright © 2010-2026 - All Rights Reserved. | Sitemap | Tags

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    1. Home
    2. >Technology
    3. >Active Defence: Beating Nation-State actors at their own game
    Technology

    Active Defence: Beating Nation-State Actors at Their Own Game

    Published by Jessica Weisman-Pitts

    Posted on August 10, 2021

    5 min read

    Last updated: February 17, 2026

    Add as preferred source on Google
    This image illustrates the concept of active defense in cybersecurity, highlighting strategies to combat nation-state actors exploiting vulnerabilities. It aligns with the article's focus on innovative security measures.
    Active defense strategy against nation-state cyber threats in technology - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Tags:cybersecurityinnovationrisk managementtechnologyfinancial services

    Active Defense Strategies Against Nation-State Cyber Threats

    By Timothy Nursall, active defence advocate at Illusive

    According to a recent study conducted by HP and researchers at the University of Surrey, the years between 2017 and 2020 saw a 100% increase in ‘significant’ nation-state incidents. According to experts, this trend was somewhat accelerated by the pandemic, which forced businesses to shift to remote working and left many unprepared to secure such an expanded attack surface. With malicious threat actors constantly developing new ways to bypass security defences and becoming increasingly creative in their approach, security vendors are being left in the dust, struggling to cope. The exponential rise in nation-state attacks, however, is shining a light on the reality of the current approach to cyber-security and is driving a shift toward a more active defence against threat actors.

    Albert Einstein once described insanity as “doing the same thing over and over again and expecting different results.” Why then, is this wisdom not being applied to our approach to security, if it is failing to deliver the right results?

    Solely looking at the SolarWinds espionage hack as an example, we know for a fact that cyber adversaries do not have any regard for anyone but themselves. This is especially true in relation to nation-state attackers. The SolarWinds hack extended beyond just the infiltration of SolarWinds and, as a matter of fact, as many as 30% of the private-sector and government institutions that were breached reported having no links to SolarWinds. By exploiting software vulnerabilities, weak spots within the cloud-based software, and guessing passwords, attackers were able to gain access. This has resulted in an attack the extent of which remains unclear to this day. Adversaries likely obtained a foothold in several organisations stealthily and waited in silence for the right moment to strike.

    The key here is to identify what it would be more cost-effective for organisations to focus on: defending endpoints from multiple entry vectors, scattered across increasingly long supply chains, or making it harder for attackers to move through the network and reaching sensitive assets. Once inside the network, the type of attack that these groups carry out tends to remain consistent and in almost all instances requires moving laterally through the network.

    In fact, the many recent large-scale cyber-incidents have demonstrated that endpoint detection and response (EDR), as a defence tactic, is no longer sufficient to stop nation-state actors from carrying out harmful attacks. The attention is now shifting to the security vendors, and all signs point to switching from a defensive tactic to an active one. In other words, the asymmetrical paradigm must be flipped to push the cost and burden onto the attackers. To achieve this, companies must always assume than an attacker has already breached their security defences and is roaming through their systems. Thus, time, resources and money can be focused more toward protecting critical assets as opposed to on attempting to keep attackers out.

    A recent proof-of-concept exercise conducted with white-hat hacker Alissa Knight, stopping lateral movement is the most effective way forward when it comes to stopping attackers in their tracks. Without the ability to freely roam in the network, Alissa was stopped on her tracks, unable to gain access to anything valuable.

    Best Practices:

    •       Know your critical assets:It is vital to understand and identify your most important assets. How can you protect something that you don’t know exists? Even if the knowledge is only partial, it is best to start somewhere and build onto it, than to get caught out and lose critical assets.
    •       Minimise the points of access to assets: Find out who is accessing your important assets and from where. Make sure only those who need to be accessing these are able to do so, and cut off anyone else. Gaining full visibility into this will make it easier to catch out unauthorised persons or bots.
    •       Expand protection: While the critical assets are the most important things to secure, it is important to expand this protection to cover all points. If an attacker is free to roam your network without your knowledge, they will always find a way to gain access to your important assets. You need to be able to fully monitor the network, at all times to recognise suspicious behaviour before it’s too late.
    •       Cybercrime is inevitable: Nation-state actors along with other malicious attackers will always test the boundaries of a company’s security defences, therefore it is best to always have your guard up, always assume breach rather and take a proactive stance.

    It is clear that the sophistication of attackers is constantly evolving, which is why it is best to actively protect against attackers. By focusing on preventing lateral movement within a network, as opposed to wasting time on trying to protect borders that will inevitably get breached, companies can finally take a stand and beat nation-state actors at their own game.

    Frequently Asked Questions about Active Defence: Beating Nation-State actors at their own game

    1What recent trend has been observed in nation-state cyber incidents?

    A study showed that there was a 100% increase in significant nation-state incidents between 2017 and 2020.

    2Why is endpoint detection no longer sufficient?

    Recent large-scale cyber incidents have demonstrated that endpoint detection and response (EDR) is inadequate to stop nation-state actors.

    3What is the most effective way to stop attackers?

    Stopping lateral movement within a network has been identified as the most effective strategy to halt attackers in their tracks.

    4What does the article suggest about the cost-effectiveness of defense strategies?

    Organizations need to focus on what is more cost-effective: defending endpoints from multiple entry vectors or actively preventing lateral movement.

    5Who conducted a recent proof-of-concept exercise related to cyber defense?

    The proof-of-concept exercise was conducted with white-hat hacker Alissa Knight.

    Previous Technology PostToshiba Returns to Q1 Profit on Demand for Automotive Chips
    Next Technology PostCollaboration for Good: Aviation Operational Tech Solves COVID-19 Nurse Scheduling Problem
    More from Technology

    Explore more articles in the Technology category

    Image for Innovation Through Partnership: The Role of External Tech Teams
    Innovation Through Partnership: The Role of External Tech Teams
    Image for Nominations Open for Technology Awards 2026
    Nominations Open for Technology Awards 2026
    Image for Nominations Open for Innovation Awards 2026
    Nominations Open for Innovation Awards 2026
    Image for Archie earns industry recognition across G2, Capterra, and SoftwareReviews
    Archie Earns Industry Recognition Across G2, Capterra, and SoftwareReviews
    Image for The Bankaool Transformation: How a Regional Mexican Bank Became a Fintech Disruptor
    The Bankaool Transformation: How a Regional Mexican Bank Became a FinTech Disruptor
    Image for Submit Your Entry Today for Digital Banking Awards 2026
    Submit Your Entry Today for Digital Banking Awards 2026
    Image for Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Image for Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Image for Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Image for Entrepreneurial Discipline in the AI Economy: Insights from Dmytro Lavryniuk
    Entrepreneurial Discipline in the AI Economy: Insights From Dmytro Lavryniuk
    Image for Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Image for Call for Entries: Best Digital Wallet 2026
    Call for Entries: Best Digital Wallet 2026
    View All Technology Posts