RETURN TO MAIN BLOG
Nation-state sponsored cyberattacks are far more common than most people think, according to a recently-released report commissioned by CrowdStrike, which found that 81% of the 1,900 senior IT leaders and security professionals agreeing with the sentiment. When asked what would motivate a nation-state to attack, only 5% believe their organization is not at risk. The survey also concludes that 73% believe nation-state sponsored attacks have the potential to pose the single biggest threat to their organization in 2020. The stats are attention-grabbing and so is the study’s sponsor.
CrowdStrike is notorious because its incident response team reported that Russia hacked the Democratic National Committee (DNC) in 2016. President Donald Trump and his allies assert that Ukraine, China, another nation-state, even “somebody sitting on their bed that weighs 400 pounds” could also be responsible. Security experts worry that the politicization of security will undermine faith in what has become industry best practices. CrowdStrike is trying to be apolitical while at the same time using free publicity to generate demand for its Falcon offering, which correlates endpoint-related events to support threat hunting and threat intelligence.
Let’s cut through the disinformation and competing motives. Nation-states are a threat, but cybercriminals are much more likely to be doing the hacking. In fact, according to the survey in ISACA’s “State of Cybersecurity 2019,” only 12% of companies that had been “exploited” in 2018 had been attacked by a nation-state as compared to 32% by cybercriminals.
Verizon’s “2019 Data Breach Investigations Report” goes beyond surveys and analyzes reported incidents (a security event that compromises the integrity, confidentiality or availability of an information asset) and breaches (an incident that results in the confirmed disclosure — not just potential exposure — of data to an unauthorized party). Among breaches in which the threat actor was identified, 69% involved an outsider. A third of outsider-related breaches (23% of all the breaches) involved a nation-state or state-affiliated entity. In addition, 71% of breaches were financially motivated, while 25% were motivated by the gain of strategic advantage (espionage). Verizon also found that 62% of all cyberespionage related breaches were experienced by a public sector organization.
Proving that a foreign government is involved with a hack can be difficult, but most hacks commonly occur when the public sector is involved. Although there are widespread fears of corporate espionage, it is much harder to determine if a nation-state is to blame. Overall, nation-states are threats, but CrowdStrike is overstating the threat.