As an information security software vendor for a lot of large corporate enterprises and government agencies, nation-state hacking is a subject we’re keenly interested in. See this recent post on securing critical national infrastructure for background information.
Figuring Black Hat would be the perfect venue to get some data on this topic, we surveyed nearly 200 IT security professionals on the show floor and learned:
- 58% of respondents said that yes, the US is losing the battle against state-sponsored attacks
- 74% aren’t confident that their own corporate network hasn’t already been breached by a foreign state-sponsored hacker
- But even if it hasn’t, 63% of the people we surveyed believe that a state-sponsored attacker will attempt to breach their organization in the next six months
- And, an overwhelming 96% of respondents think that the hacking landscape is going to get worse
When we ran these findings by one industry analyst whom we work closely with, he commented, “How do they know that there was state involvement and what leads them to believe that they are being specifically targeted by state-sponsored activity rather than a criminal source? Remember, criminals are involved in the development of some state-sponsored malware tools.”
Good points, but if nothing else, news stories on this topic over the past year or so demonstrate that nation-state-led cyber attacks are trending up significantly. For example, in one interesting account earlier this summer it was reported that North Korea announced it has built an army of 3,000 cyber trolls to attack South Korean websites.
Martyn Croft, CIO of The Salvation Army UK, saw our survey results and thought that they might not be measuring the true depths of the state-sponsored attack problem.
“Since I would assume that state-sponsored attacks are a covert operation, it sort of begs the question whether anyone can know the full extent,” Croft said. “I guess a certain amount of inference from the known attacks, e.g. Stuxnet, would lead one to believe that it’s become a commonplace occurrence.”
How common? According to our firsthand knowledge dealing with both government and commercial organizations, probing of IT infrastructures is occurring 24/7, with attacks being launched on a regular basis. The most dangerous such attacks are highly personalized incursions designed for one-time use against specific people, such as targeted emails that can insert remote control software onto the victim’s network.
These types of attacks can’t be stopped, only mitigated. How? Start with better security training for employees and documented security processes by the IT department. Then look into enterprise-level products that can manage and secure the powerful privileged accounts that grant access to an organization’s most critical IT assets.
For more in-depth survey findings see www.liebsoft.com/state_sponsored_attacks_research.