The recent SolarWinds hack, which left a spate of US government offices and private companies vulnerable to cyber criminals, was the latest example of the devastation a nation-state cyber attack can cause. The hack, which was identified in December and which the US government said was likely orchestrated by Russia, breached software made by the IT company SolarWinds Corporation. This gave hackers access to thousands of companies and government offices that used its products, according to a Reuters report. Microsoft president Brad Smith called it “the largest and most sophisticated attack the world has ever seen.”
Now, findings from a new survey report show that corporates around the world have become aware of the challenges posed by such threats and are concerned about them. However, their ability to respond to the evolving risks may not be up to the mark.
The report, Securing a shifting landscape: Corporate perceptions of nation-state cyber-threats, is based on a survey conducted by The Economist Intelligence Unit, in collaboration with the Cybersecurity Tech Accord, which was launched in 2018 and promotes a safer online world by supporting collaboration among global technology companies.
The survey was conducted among 524 executives from Asia-Pacific, Europe and the US in November-December 2020, and also includes inputs from leading security experts. All respondents are in senior roles and familiar with their organisation’s cyber-security strategy. A wide range of industries was also represented in the survey, led by IT and technology, retail and consumer goods.
Almost 47% of the respondents said they are “very concerned” about their organisation falling victim to a nation-state cyber-attack. A majority of them stated that this concern has increased in the past five years. A key highlight is the fact that the survey was conducted prior to the disclosure of the SolarWinds attack.
Survey respondents view individual hackers seeking financial gain (22%) and organised cyber-crime groups (22%) as the two gravest cyber-threats to industry, while nation-state actors only rank fourth (12%). However, the threat from nation-state actors is forecast to rise to second place (18%) in the next five years, behind organised cyber-crime groups, the report explains.
Roughly 36% of the respondents think ransomware will be the most common form of nation-state cyber-attack facing their organisation five years from now. One of the key findings was the fact that concerns over nation-state threats have evolved to cover more factors. At one point, cyber-attacks were primarily viewed as a financial risk. Now, nation-state attacks also often target confidential material and important information, such as medical data.
The covid-19 pandemic has also affected the sentiment in this area. Around 29% of the respondents said that the pandemic had significantly increased the likelihood of a nation-state cyber-attack on their organisation.
While 45% of the respondents said that their organisation is “very prepared” to handle such attacks, Marietje Schaake, president of the CyberPeace Institute and international policy director of Stanford University’s Cyber Policy Center, called this a “false sense of security”, partly because until an attack occurs, organisations tend to be confident that they will not become a victim.
Interestingly, the report explains, executives in Asia showed “a subtle but noticeable trend of both greater concern and greater readiness” than their European and North American counterparts.