As open war rages in Ukraine, the long-promised cyberattacks from Russia are also striking U.S. financial industry targets.
A report released Monday examining how IT security executives view nation-state bad actors and how they attack organizations in other countries.
The study by cybersecurity service provider Trellix in partnership with the Center for Strategic and International Studies (CSIS), based on a survey of more than 800 IT security professionals globally, found that 86% of respondents believe they have been targeted by a cyberattack conducted by a group acting on behalf of a nation-state. And just over one-quarter of respondents (27%) say that they have complete confidence in the ability of their organization to differentiate between nation-state cyberattacks and other cyberattacks.
Only 1 out of 10 surveyed organizations do not have a cybersecurity strategy. However, 90% of respondents say that the government “should do more to support organizations and protect critical infrastructure against state-backed cyberattacks,” according to the report.
More than 90% also said they were willing to share information publicly when they faced a nation-state cyberattack, but not always with full details of the attack or its effect.
Russia, China most likely suspected to be behind nation-state cyberattacks
Not surprisingly, the Trellix-CSIS report found Russia and China among the most likely suspects of launching a successful cyberattack resulting in data loss, service disruption, and industrial espionage, which might lead to significant costs to financial organizations attacked.
“As geopolitical tensions rise, the likelihood of nation-state cyberattacks rises, as well,” Bryan Palma, CEO of Trellix, said in a press release. “Cybersecurity talent shortages, outdated IT infrastructure, and remote work are the greatest challenges in today’s operating environment. Organizations must improve their automation, remediation, and resiliency capabilities to defend against increasingly sophisticated attacks.”
Enterprises are concerned with the potential attacks from nation-state actors, as well as well-funded cybercrime rings. According to the Trellix survey, 92% of business respondents have experienced or may have experienced a nation-state backed cyberattack in the last 18 months or expect to face one in the future. The average nation-state-backed cyberattack costs an enterprise an estimated $1.6 million per incident.
Just one-third (33%) of companies surveyed by Trellix actually disclosed breach information to their customers. Survey respondents believe personally identifiable information (PII) related to either their customers or employees (46% and 40%, respectively) might be misused by bad actors. In addition, 92% of organizations interviewed said that they would share information about a cyberattack. And 9 out of 10 enterprises think the government should do more to offer cybersecurity protection.
Ninety percent of respondents think the government should do more to support and protect critical infrastructure from cyberattacks. In the U.S., programs like the Cyber Safety Review Board, the Cybersecurity and Infrastructure Security Agency’s Shield Up, and the White House’s new Office of the National Cyber Director are examples of programs governments worldwide should continue to develop to help protect critical infrastructure.
“Nation-states and their criminal proxies are some of the most dangerous cyber attackers because they are capable, best resourced and extremely persistent,” said James Lewis, senior vice president and director, strategic technologies program for CSIS, said in a press release.
“It’s not surprising that nation-states, particularly China and Russia, are behind many of the cyberattacks organizations experience,” Lewis says. “What is surprising is that 86% of respondents in this survey believe they have been targeted by a group acting on behalf of a nation-state, and only 27% are completely confident in their organization’s ability to recognize such an attack in contrast to other cyberattacks.”
