A report from Trellix and CSIS highlights increased government support is required to defend against sophisticated nation-states.
Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), and the Center for Strategic and International Studies (CSIS) have released a global report, Crosshairs: Organizations and Nation-State Cyber Threats, examines security professionals’ mindsets towards nation-state actors, the extent they are being targeted, how nation state actors differ from other cybercriminals and how they view the role of government in responding to attacks.
The report found Russia and China among the most likely suspects of being behind successful cyberattacks resulting in data loss, service disruption and industrial espionage, which led to significant costs to the organizations attacked.
“As geopolitical tensions rise, the likelihood of nation-state cyberattacks rises as well,” said Bryan Palma, CEO of Trellix. “Cybersecurity talent shortages, outdated IT infrastructure and remote work are the greatest challenges in today’s operating environment. Organizations must improve their automation, remediation and resiliency capabilities to defend against increasingly sophisticated attacks.”
The report, written by CSIS and based on research conducted by Vanson Bourne, surveyed 800 IT decision makers from a variety of industries. It highlights the volume and severity of nation-state cyberattacks is a substantial problem for the international community which organizations are looking to governments to help solve.
Organization risk. Ninety-two percent of respondents have faced or suspect they have faced a nation-state backed cyberattack in the last 18 months or expect to face one in the future. The report also finds most organizations struggle to confidently and accurately determine if a cyberattack is linked to a nation-state given technical challenges and the efforts hackers go to hide their identity. Unlike cyber criminals, nation-state actors focus on conducting intelligence operations to gain intellectual property and data to serve an economic or military goal, while also leaving backdoors in organization infrastructure for re-entry.
The risk to organizations is significant, with the average nation-state-backed cyberattack costing an estimated US$1.6 million per incident. Yet the report finds 10% of organizations surveyed do not have a cybersecurity strategy.
Consumer impact. While access to consumer data was the motive for nearly half of reported state-backed incidents, only 33% of organizations reported reaching out to their customers to disclose the incident. The respondents view personally identifiable information (PII) related to either their customers or employees – as one of the main factors they would be targeted (46% and 40% respectively). As organizations prepare their cybersecurity strategies, risks to reputation and trust are at stake. Transparency with end customers should be considered in addition to ensuring direct communication with cybersecurity vendors, partners and government agencies.
Government guidance. The report found 92% of respondents were willing to share information about an attack, but not always the full details. Overall, organizations are looking to the government for guidance into how they can protect themselves while being hindered by a lack of breach disclosures.
Ninety percent of respondents think the government should do more to support and protect critical infrastructure from cyberattacks. In the U.S, programs like the Cyber Safety Review Board, CISA’s Shield Up and the White House’s new Office of the National Cyber Director are examples of programs governments worldwide should continue to develop to help protect critical infrastructure.