86% of Organizations Believe They've Faced a Nation-State Cyber-Attack

Nearly nine in 10 (86%) organizations believe they have been targeted by a nation-state threat actor, according to a new study by Trellix and the Center for Strategic and International Studies (CSIS).

The research, which surveyed 800 IT decision-makers in Australia, France, Germany, India, Japan, the UK and US, also found that 92% of respondents have faced, or suspect they have faced, a nation-state backed cyber-attack in the past 18 months, or expect to experience one in the future.

The findings have come amid Russia’s invasion of Ukraine, which is expected to permanently alter the cyber-threat landscape for all organizations.

Unsurprisingly, Russia and China were identified as the most likely suspects behind such attacks. Two-fifths (39%) of organizations that believe they have been targeted by a nation-state-backed cyber-attack in the past 18 months suspect the attack was by Russia, while 44% of those expecting to face nation-state threats in the future identified Russia as the most likely perpetrators. For China, the figures were 35% and 46%, respectively.

More than 90% of respondents said they are willing to share information on nation-stated sponsored attacks, but not always with full details of the incident or its effects. In addition, more than nine in 10 think governments should do more to support organizations (91%) and protect critical infrastructure (90%) against nation-state-backed cyber-attacks.

The report also revealed most organizations have difficulties in accurately determining if a cyber-attack is linked to a nation-state, with just 27% of respondents saying they have confidence in their ability to do so.

The researchers highlighted key distinctions between nation-state and cybercrime groups to help organizations better differentiate between the two. One is regarding motivation, with nation-states tending to use cyber-operations to steal sensitive information, influence populations and damage critical infrastructure, as opposed to seeking financial gain.

The two also take different approaches to compromising organizations’ systems. While cyber-criminals aim to quickly get in and out of networks, nation-state attackers tend to get in carefully and loiter for years.

The IT decision-makers estimated the total financial impact of a nation-state cyber-attack to be $1.6m. Yet, despite the growing cyber-threat posed by nation-states, just 41% of organizations distinguish and provide specific guidance for state-backed attacks. Even more worryingly, 10% admitted they still do not have a formal cybersecurity strategy, including 9% of critical infrastructure organizations.

Bryan Palma, CEO of Trellix, commented: “As geopolitical tensions rise, the likelihood of nation-state cyber-attacks rises as well.

“Cybersecurity talent shortages, outdated IT infrastructure, and remote work are the greatest challenges in today’s operating environment. Organizations must improve their automation, remediation and resiliency capabilities to defend against increasingly sophisticated attacks.”  

James Lewis, senior vice president and director, Strategic Technologies Program for CSIS, added: “Nation-states and their criminal proxies are some of the most dangerous cyber-attackers because they are capable, best resourced and extremely persistent.

“It’s not surprising that nation-states, particularly China and Russia, are behind many of the cyber-attacks organizations experience; what is surprising is that 86% of respondents in this survey believe they have been targeted by a group acting on behalf of a nation-state, and only 27% are completely confident in their organization’s ability to recognize such an attack in contrast to other cyber-attacks.”

What’s Hot on Infosecurity Magazine?