Reports that the Norwegian military has admitted to being targeted by a potentially serious cyber attack should act as a wake-up call to UK organisations on both sides of the private/public-sector divide, says Venafi, the Enterprise Key and Certificate Management (EKCM) solutions specialist.

According to Jeff Hudson, Venafi CEO, the rash of targeted cyber attacks in recent weeks against several major corporates such as Sony - and now attacks against military targets - shows that the cybercriminals are refining their attack strategy.

"It doesn’t take an industry expert to know that “the bad guys”, aka hackers, will always target the most vulnerable area of a company’s security fabric. Often the weakest link is poor encryption key and certificate management. Where previously cyberattacks against government systems and major corporates could be shrugged off or overlooked because of the efficacy of conventional, multi-layered IT security systems, it's clear that a new strategy is called for," he said.

"That strategy now needs to draw in allied technologies such as pervasive  encryption of all data—both at rest and in motion—which requires effective access controls and key and certificate management to protect an organisation's private data, which of course, is what the cybercriminals are really after in these types of attacks," he added.

The attack on the Norwegian military - in which 100 senior members of the country's defense department received an email plus attachment that appeared to come from the government - was carefully planned and well executed, says Hudson, who added that it was interesting that at least one person is reported to have opened the attachment. This launched an unknown malware that executed commands that compromised the machine before it was stopped from spreading further.