Organisations Outmatched By Nation-State Hackers, Survey Finds

New research from cybersecurity specialist Trellix and policy research organisation CSIS have provided an insight into the cyber predicament currently facing many businesses and organisations.

As geopolitical tensions increase amid Russia’s invasion of Ukraine, and cyberattacks increase from nation-state attackers, businesses are increasingly seeking government assistance and advice, as they find themselves outmatched.

This is according to research from Trellix and the Center for Strategic and International Studies (CSIS), entitled “In the Crosshairs: Organisations and Nation-State Cyber Threats.”

Cyber defences

As nation-state threats increase, the UK government has ramped up its national cyber defence (and indeed cyber offensive) capabilities.

Last December the government published its National Cyber Strategy, in an effort to ensure the country has the necessary means to defend itself in cyberspace.

During the first quarter of this year, the GCHQ’s National Cyber Security Centre (NCSC) has repeatedly warned UK organisations to act now in order to bolster their cyber security resilience.

Unfortunately, many UK organisations are still experiencing breaches, with some organisations reporting multiple breaches in the past 12 months.

Matters are not helped that not only are organisations having to contend with threats from conventional cyber criminals and hackers, but they are also having to deal with nation-state actors, who are causing new headaches for corporate IT departments.

Global Threat Actors

Amidst this background, the Global Threat Actor Report from Trellix and CSIS highlights the steps necessary to protect businesses from cyber-attacks, but also recognises the barriers that both public and private sector organisations are currently facing.

The report found that limited cybersecurity skills and outdated IT infrastructure are the two largest barriers for organisations when it comes to protecting themselves.

The research was carried out by Vanson Bourne, and surveyed 800 IT decisions makers in Australia, France, Germany, India, Japan, the United Kingdom and the United States, from a variety of industries.

It highlights the volume and severity of nation-state cyberattacks, which is a substantial problem for the international community, and organisations are looking to governments to help solve.

Key findings

The report found that ninety-two percent of respondents have faced or suspect they have faced a nation-state backed cyberattack in the last 18 months or expect to face one in the future.

Even more concerning, only 27 percent of respondents said they have complete confidence in the ability of their organisation to differentiate between nation-state cyberattacks and other cyberattacks.

And worse still, the report found that 10 percent of organisations surveyed do not have a cybersecurity strategy, including 9 percent of critical infrastructure providers.

The report also found that 9-in-10 respondents think the government should do more to support organisations and protect critical infrastructure against state-backed cyberattacks.

And more than 90 percent said they were willing to share information publicly when they faced a nation-state cyberattack, but not always with full details of the attack or its effect.

The financial services sector for example has been notoriously tight lipped for years about the impact of cyberattacks on their institutions and systems.

Indeed, the report found that while access to consumer data was the motive for nearly half of reported state-backed incidents, only 33 percent of organisations reported reaching out to their customers to disclose the incident.

Steps to take

“As geopolitical tensions rise, the likelihood of nation-state cyberattacks rises as well,” said Bryan Palma, CEO of Trellix. “Cybersecurity talent shortages, outdated IT infrastructure, and remote work are the greatest challenges in today’s operating environment.”

“Organisations must improve their automation, remediation, and resiliency capabilities to defend against increasingly sophisticated attacks,” said Palma.

“Nation-states and their criminal proxies are some of the most dangerous cyber attackers because they are capable, best resourced and extremely persistent,” added James Lewis, senior VP and director, Strategic Technologies Program for CSIS.

“It’s not surprising that nation states, particularly China and Russia, are behind many of the cyber-attacks organisations experience; what is surprising is that 86 percent of respondents in this survey believe they have been targeted by a group acting on behalf of a nation-state, and only 27 percent are completely confident in their organisation’s ability to recognise such an attack in contrast to other cyberattacks,” said Lewis.

The report also recommends that IT departments need to change their priorities to ensure that the appropriate training measures and technologies are successfully implemented.