Companies can try and limit which types get through by having data policies that restrict access to critical information and intellectual property. Zwienenberg said companies should consider strengthening Bring Your Own Device policies as well, noting that a flash drive was used to infect Iranian computers with Stuxnet.
If it seems like the advice for detecting state-sponsored attacks and other cyberthreats is the same, that’s because it is and they often use the same tactics. What makes an attack likely to be categorized as state-sponsored is intent. If the target of the attack is data or a facility that would be of particular interest to a non-friendly neighboring country, that’s a sign.
Last month, Google announced that it would be taking steps to warn users when their accounts were under attack by state-sponsored attackers. The company said it wouldn’t reveal how it’s able to determine the source of the attacks.
“That would be difficult,” Zwienenberg says of Google detecting state-sponsored attacks. “[But] storing lots of information-- forensic readiness--and correlating data is a good way to start.”