The Trellix global threat research, In the crosshairs: Organisations and nation-state cyber threats, shockingly reveals the service disruptions, exposed data, and substantial financial costs of the SolarWinds breach, the Microsoft Exchange Hafnium incident, and other high-profile attacks were all driven by nation-state cyberattacks.
State attackers are relentless, and while cyberattacks can come from anywhere it is the government-driven nation-state attacks, along with their criminal proxies, which are the most dangerous because they are the most capable and best-resourced, and are persistent in their determination.
Trellix explains it's a huge problem for the international community; victim organisations lose reputation, have innovation investments exposed or diluted, and suffer in numerous ways. In fact, Trellix finds cybercrime costs the world an estimated one trillion dollars per year.
Trellix expects this will only increase because it is so rewarding to the perpetrators and there are so few penalties. How can companies defend themselves, and how can legislators develop policies to respond to nation-state actors?
These are the questions Trellix sought to answer, along with how organisations perceive and prepare for the threat of nation-state actors and how their perception actually aligns with the motivations and effects of such attacks.
Trellix surveyed 800 IT security decision-makers across the United States, the United Kingdom, Germany, France, Japan, India, and Australia over November and December 2021. Respondents came from organisations with 500 or more employees from a range of industries predominantly focused on critical infrastructure.
In the crosshairs: Organisations and nation-state cyber threats, by Trellix global research, is the result; an easily-digested - but gripping and sobering - 21-page report that CISOs, business leaders, and legislators must read.
Trellix found the line between state and non-state actors continues to blur and 86% of respondents believe they have been targeted by a cyberattack from an organisation acting on behalf of a nation-state. Yet, Trellix also found only 27% of respondents are confident they can differentiate between nation-state and other cyberattacks.
Trellix found state actors are more likely to focus on data than financial benefit, though it still incurs an estimated cost to the victim of more than one million dollars per incident.
Despite this, Trellix also found that 10% of organisations surveyed still do not have a cybersecurity strategy. Many respondents indicated limited skills and outdated network technology and security tools increase their vulnerability.
91% of respondents think the government needs to be doing more to support organisations and defend infrastructure against state-backed cyberattacks.
This is the milieux that Trellix finds global businesses sitting in. So what do we do? How can your business effectively protect itself when North Korea wants money to prop up the Kim Jong-un regime or simply takes offence, such as when Sony Pictures was hacked after releasing a movie seen as an insult to the Great Leader? What do you do to protect your business when the Russian state targets espionage in the energy sector or seeks to spread disinformation? Or, even when it targets a political enemy but its effects spread, as in the case of NotPetya which was aimed at the Ukrainian government but went worldwide? How can your business protect itself from Chinese government-sponsored IP theft? Trellix provides details on dozens of cyberattacks carried out by state actors for over a decade.
Trellix finds companies and government agencies need to make decisions in an uncertain environment to protect against a range of threats. The consequences are serious for not doing so.
However, thankfully, Trellix also finds better cybersecurity is not dependent on full certainty in the attribution of an attacker or their motives. There is still much that can be done even if it cannot be ascertained who is behind an incident.
Consequently, Trellix advocates regardless of sector, organisations must ensure a baseline level of cyber hygiene and training to best defend against a wide range of incidents.
This includes updating defence capabilities, identifying what needs to be protected, assessing actual capacity, reviewing third-party providers, and increasing communication.
It's easy to say, but as the research findings identify, there are still too many companies not putting basic precautions into place.
The report is disturbing yet gripping and pulls back the covers on the shady world of cybercrime that’s well-funded and well-protected by governments themselves as they commit cyber warfare. For any business caught in the middle, you must acknowledge this is today’s reality, and you must take action.
Download the Trellix global threat research report, In the crosshairs: Organisations and nation-state cyber threats here.