Which security measures are reasonable for senior management in a Fortune 500 company if nation state threat actors like APT28 become a concern?
Current Threat Intelligence leads me to believe, that Senior Management of my company could be targeted by Threat Actors like APT28.
Threats I am concerned about are - listed by priority:
- Information gathering
- Corporate Espionage
- Disruption of Services
We already have a relatively mature information security posture with all the abbreviations that you can buy (think SIEM, SOC, EDR, PKI, VPN, MFA, etc) and things like Awareness Training and Third Party Risk Assessments. All of these processes and services are tailored to the general workforce.
However, with Senior Managers having a wildly different style of work compared to the typical office worker - lots of travel, work mostly with mobile devices, public personas - my sense is that there must be special security services in place.
What specific security services should be provided to senior management of a Fortune 500 company that could be targeted by highly sophisticated nation-state threat actors like APT28?
