- 86% of respondents believe they have been targeted by a cyberattack conducted by a group acting on behalf of a nation-state
- Only 27% of respondents said they have complete confidence in the ability of their organization to differentiate between nation-state cyberattacks and other cyberattacks
- 9-in-10 respondents think the government should do more to support organizations and protect critical infrastructure against state-sponsored cyberattacks
There has been a growing increase on nation-state cyberattacks around the world. While organizations have adequate cybersecurity, many feel that when it comes to nation-state cyberattacks, the should rely on the government to help them defend against these sophisticated attacks. The reality is though, in most countries, government agencies normally monitor these threats and send out advisories to organizations to be vigilant about the threats.
For example, the US has the Cybersecurity and Infrastructure Security Agency (CISA) while in Southeast Asia, each nation has its own agency that overlooks cybersecurity as well. These include the Cybersecurity Authority of Singapore, Cyber Security Malaysia, and other bodies.
According to a report by Trellix and the Center for Strategic and International Studies (CSIS), nation-state actors differ from other cybercriminals. The report found Russia and China among the most likely suspects of being behind successful state-sponsored cyberattacks resulting in data loss, service disruption, and industrial espionage, which led to significant costs to the organizations attacked.
The report, In the Crosshairs: Organizations and Nation-State Cyber Threats, surveyed 800 IT decisions makers in Australia, France, Germany, India, Japan, the United Kingdom, and the United States, from a variety of industries. It also highlighted that the volume and severity of nation-state cyberattacks is a substantial problem for the international community and organizations are looking to governments to help solve it.
“As geopolitical tensions rise, the likelihood of nation-state cyberattacks rises as well. Cybersecurity talent shortages, outdated IT infrastructure, and remote work are the greatest challenges in today’s operating environment. Organizations must improve their automation, remediation, and resiliency capabilities to defend against increasingly sophisticated attacks,” said Bryan Palma, CEO of Trellix.
Why are nation-state cybercriminals a big concern?
The findings of the report showed that a staggering 92% percent of respondents have faced or suspect they have faced a nation-state-backed cyberattack in the last 18 months or expect to face one in the future. Most organizations also struggle to confidently and accurately determine if a cyberattack is linked to a nation-state given technical challenges and the efforts hackers go to hide their identity.
Unlike cybercriminals, nation-state actors focus on conducting intelligence operations to gain intellectual property and data to serve an economic or military goal, while also leaving backdoors in organization infrastructure for reentry. It’s also important to note that more state-sponsored attackers are seldom financially motivated compared to other cybercriminals.
Despite this, the risk to organizations is significant, with the average nation-state-backed cyberattack costing an estimated $1.6 million per incident. What’s more concerning was the report found 10% of organizations surveyed do not have a cybersecurity strategy. Interestingly, the report also found that 92% of respondents were willing to share information about an attack, but not always the full details.
When it comes to dealing with cyber threats, organizations are also looking to the government for guidance on how they can protect themselves while being hindered by a lack of breach disclosures. 90% of respondents think the government should do more to support and protect critical infrastructure from cyberattacks.
In the US, programs like the Cyber Safety Review Board, CISA’s Shield Up, and the White House’s new Office of the National Cyber Director are examples of programs governments worldwide should continue to develop to help protect critical infrastructure.
For James Lewis, senior vice president, and director of the Strategic Technologies Program for CSIS, nation-states and their criminal proxies are some of the most dangerous cyber attackers because they are capable, best resourced, and extremely persistent.
“It’s not surprising that nation-states, particularly China and Russia, are behind many of the cyber-attacks organizations’ experience; what is surprising is that 86% of respondents in this survey believe they have been targeted by a group acting on behalf of a nation-state, and only 27% are completely confident in their organization’s ability to recognize such an attack in contrast to other cyberattacks.”
The reality is though, while governments can provide warnings and advisory towards a state-sponsored cyberattack, organizations still need to have adequate cybersecurity protection. Organizations should not just rely on the government to protect them. This mindset will only leave them vulnerable to not just state-sponsored cyberattacks but any form of cyberattack.
While state-sponsored attacks are a concern, financially motivated cybercriminals can be a much bigger threat as their end goal could be more devastating to an organization. At the same time though, government agencies are already working towards ensuring critical infrastructures in the country have extra protection, as they are often targeted by nation-state cybercriminals.