Organizations Outmatched by Nation-State Cyber Threat Actors
March 29, 2022
global report examined security professionals’ mindsets towards nation-state
actors, the extent they are being targeted, how nation-state actors differ from
other cyber criminals and how they view the role of government in responding to
attacks. The report found Russia and China among the most likely suspects of
being behind successful cyberattacks resulting in data loss, service disruption,
and industrial espionage, which led to significant costs to the organizations
“As geopolitical tensions rise, the likelihood of nation-state cyberattacks
rises as well,” said Bryan Palma, CEO of Trellix. “Cybersecurity talent
shortages, outdated IT infrastructure, and remote work are the greatest
challenges in today’s operating environment. Organizations must improve their
automation, remediation, and resiliency capabilities to defend against
increasingly sophisticated attacks.”
The report, written by CSIS and based on
research conducted by Vanson Bourne, surveyed 800 IT decision makers in
Australia, France, Germany, India, Japan, the United Kingdom and the United
States, from a variety of industries. It highlights that the volume and severity of
nation-state cyberattacks is a substantial problem for the international
community, one that organizations are looking to governments to help solve. The report
will be launched from a virtual CSIS event today, March 28 at 3 p.m. EDT and can
be watched live or by recording via the event site. Trellix CEO Bryan Palma and
Trellix Head of Cyber Investigations John Fokker will discuss the findings as
well as the threat landscape and the need for private/public partnerships.
Organization Risk. Ninety-two percent of respondents have faced or
suspect they have faced a nation-state backed cyberattack in the last 18 months
or expect to face one in the future. The report also finds most organizations
struggle to confidently and accurately determine if a cyberattack is linked to a
nation-state, given technical challenges and the lengths hackers go to in order to hide their
identity. Unlike cyber criminals, nation-state actors focus on conducting
intelligence operations to gain intellectual property and data to serve an
economic or military goal, while also leaving backdoors in organization
infrastructure for reentry.
The risk to organizations is significant, with the average nation-state-backed
cyberattack costing an estimated $1.6 million per incident. Yet the report finds
10 percent of organizations surveyed do not have a cybersecurity strategy.
Consumer Impact. While access to consumer data was the motive for nearly
half of reported state-backed incidents, only 33 percent of organizations
reported reaching out to their customers to disclose the incident. The
respondents view personally identifiable information (PII) related to either
their customers or employees as one of the main factors that would make them a target
(46 percent and 40 percent respectively). As organizations prepare their
cybersecurity strategies, risks to reputation and trust are at stake.
Transparency with end customers should be considered in addition to ensuring
direct communication with cybersecurity vendors, partners and government
agencies. Additional information for consumers can be found on the Trellix blog.
Government Guidance. The report found 92 percent of respondents were
willing to share information about an attack, but not always the full details.
Overall, organizations are looking to the government for guidance on how they
can protect themselves while being hindered by a lack of breach disclosures.
Ninety percent of respondents think the government should do more to support and
protect critical infrastructure from cyberattacks. In the U.S., programs like
the Cyber Safety Review Board, CISA’s Shields Up and the White House’s new Office
of the National Cyber Director are examples of programs governments worldwide
should continue to develop to help protect critical infrastructure.
and their criminal proxies are some of the most dangerous cyber attackers
because they are capable, best resourced and extremely persistent,” said James
Lewis, senior vice president and director, Strategic Technologies Program for
CSIS. “It’s not surprising that nation-states, particularly China and Russia,
are behind many of the cyberattacks organizations experience; what is surprising
is that 86 percent of respondents in this survey believe they have been targeted
by a group acting on behalf of a nation-state, and only 27 percent are
completely confident in their organization’s ability to recognize such an attack
in contrast to other cyberattacks.”
Latest Threat. Trellix Threat Labs today also announced new findings,
uncovering activity from advanced persistent threat (APT) group Nomad Panda,
also known as RedFoxtrot. Trellix has determined with medium confidence that
RedFoxtrot has been leveraging a new variant of the PlugX malware, which Trellix
has named “Talisman.” The Talisman variant of the malware has been used to
target defense and telecommunications victims across South Asia, likely to
advance China’s Belt and Road Initiative, which aims to expand trade and economic
relationships across Europe, Asia and Africa.