Executive Summary: Organizations and Nation-State Cyber Threats

By John Fokker · March 28, 2022

Traditionally when we talk about threat actors, we first need to make the split between cybercrime and nation-state sponsored operations. Where cybercrime is mostly focused on financial gain, nation-state operations are often conducting strategic attacks to disrupt an adversary or in it for the long run, conducting intelligence operations to gain intellectual property to serve an economic or military goal.

However, over the years those lines have blurred and with the recent leaks of the chats of the Conti and Trickbot crews, government involvement cannot be excluded as the chats hinted towards State influenced cybercrime behaviour. Our team recently launched a new report – In the Crosshairs: Organizations and Nation-State Cyber Threats – written by the Center for Strategic and International Studies (CSIS) and based on a survey of 800 IT decision makers by Vanson Bourne. We sought to understand: are security teams capable, with their current technology and skills, to differentiate between these two and are they able to respond accordingly? This report digs into answering this questions and how global companies are coping with the cybersecurity challenges that come with nation-state threat actors.

Another change we have observed over the years is that, in most conversations when we talk about cyber incidents, the word “data” is used generically, like “the actors were after classified or sensitive data.” What exactly do we mean by data? Is it the intellectual property the actors are after? Or is it the data that will show them how to lateral move through the network? In other words, was the data that was stolen used in achieving the threat actor’s objective or was obtaining the data the actual objective? With the shift to an ‘always-on economy,’ attackers started to encrypt the data to impact the availability of the services? And if that is not enough, the actors are more than happy to leak data if they’re not paid fast enough, or a company refuses to pay because they have a working backup and recovery process in place.

One of the surprising outcomes of our survey is that respondents mentioned outdated infrastructure. We would expect that investments are yearly made to keep the infrastructure up to date, to serve the demands and changes that are constantly happening. Combined with responses around the cybersecurity skills shortage and an observed increase of cyber-attacks over the years, concerns raised about outdated security technology should raise a call to action across both the private and public sector. On top of that 10 percent answered honestly that there was no security strategy. Concerning in the light of the increasing number of cyber-attacks over the years. Whether it is nation-state or cybercrime-related, being able to detect, block and protect is key, and key to keep our society running.