What threat do nation state hackers pose to businesses?
Whether it's spying, disruption or economic sabotage, companies are increasingly at risk of state-sponsored cyber attacks
In today's digital economy, businesses face the risk of cyber crime on a daily basis. What's more, the attacks they face are not only growing in scale and complexity, but are increasingly backed and funded by countries.
Nation state attacks aren't a new phenomenon, but the main targets have typically been military, government and critical infrastructure organisations. Increasingly, though, state-backed cyber criminals are targeting enterprises across industries as diverse as healthcare, financial services, education and entertainment to achieve foreign policy goals.
Research shows that such attacks against companies are growing. In July, Microsoft warned that around 10,000 of its customers had been targeted by a state-sponsored attack - with 84% of them being enterprises. Most of these attacks were launched by hacking groups operating in Iran, Russia and North Korea.
Verizon's Data Breach Investigations Report shows the number of data breaches caused by nation states rose from 12% in 2018 to 23% in 2019 and it seems unlikely this trend will reverse any time soon. There's no doubt these attacks will continue to grow over the coming months. As nation states continue to diversify their cyber arsenal, what can businesses do to mitigate these threats?
For centuries, bombs and guns have been the main weapons of warfare. But in today's interconnected society, many countries are leveraging technology to launch attacks on companies and critical infrastructure.
Richard Hummel, threat research manager at Netscout, says: "Russia, Iran, China, and North Korea are just a handful of the countries known for their cyber capabilities, their interference in political venues, and the constant barrage of corporate espionage. Non-profits, educational institutions, missile defense technology, or crypto-currency exchange remain an interest to nation-state adversaries whether to further their own countries' agenda or gain an advantage in corporate environments."
Although cyber criminals are always finding new and more sophisticated ways to target companies, the majority of attacks still use traditional, low-tech methods.Hummel says: "Email phishing reigns supreme as the primary intrusion vector, underscoring the need for organisations to have protections in place, but also a critical need to employ a security awareness program to educate employees how to recognise and report phishing and social engineering attempts."
But why are nation states targeting foreign companies through cyber attacks? Amanda Finch, CEO of the Chartered Institute of Information Security (CIISec), believes that the biggest motivator is economic prosperity as companies with valuable intellectual property often find themselves being targeted.
"For instance, the laptops that were stolen from UK wave power company Pelamis [in 2011] are believed by many to be directly connected to extremely similar products appearing in China soon after," she says. The burglary came just months after Li Keqiang, then vice-premier of the state council of China, and 60 accompanying delegates visited Pelamis' facility, which has led to suspicions the Chinese government was somehow involved. The China Shipbuilding Industry Corporation (CSIC) has said such claims are groundless.
Other factors include political leverage and national security. She continues: "Huawei's efforts to sell telecom technology to the West have created concerns over the possibility of the Chinese government carrying out surveillance or disrupting national infrastructure. These sorts of risks of sabotage at the hands of foreign companies such as Huawei can be motivators for nations to carry out espionage as a matter of national security."
Companies that fall victim to nation state attacks can face consequences far beyond simply being locked out of systems or having data stolen, too. "The fines that come in the wake of an attack can be crippling and the incident can also lead to a loss of confidence from investors and stakeholders; being cut off from financial resources can stall a company into inactivity, and even cause a collapse," says Finch. "Even if a company does survive an attack in the short term, the blow an incident like this can deal to reputation and public trust can have a far more lasting, insidious effect."
Mitigating these threats, according to Finch, comes down to implementing defined approaches to security at both national and enterprise level. She adds: "It's vital that national agencies, such as the NCSC, collaborate with and provide guidance to businesses of all sizes to help defend against these attacks.
"It simply isn't realistic to expect every company, particularly small ones, to withstand targeted attacks fuelled by extensive cyber resources from the likes of the Chinese, North Korean or Russian governments without any support. A joint approach is the best approach for survival."
Cold War 2.0
Information security expert and director of Cyber Simplicity Raef Meeuwisse believes that increased political and economic tensions is resulting in a cyber cold war. He tells IT Pro: "Although many organisations might think that valuable intellectual property or managing critical national infrastructure are the only targets, the reality is that state-sponsored attacks pose a real threat to many of us, either as collateral damage from a major new virus, or simply because we never thought through how compromising our own digital landscape might be useful to a state sponsored attack."
While these threats are growing, he says mitigating nation-state attacks is something very few organisations have the power and resources to do. "This is not because it is not possible, but it is very expensive. Mitigating nation-state sponsored attacks requires embedding security-by-design in the digital assets of value," claims Meeuwisse.
To stay one step ahead of state-backed hackers, he says organisations need to invest in their cyber security strategies. "It requires ongoing investment into tools capable of detecting and defending against zero-day attacks, and requires capabilities to quickly decontaminate and restore the technologies your key products and services depend upon.
"Until you have the confidence that your organisation has achieved security by design and has identified and deployed effective means to cope with and mitigate zero-day attacks, you are at a far greater risk than just cybercrime."