Nation-state attacks are stealing the spotlight after the massive SolarWinds incident, which is still unfolding. This is a new era for cybersecurity, and every professional in the industry must be aware of the implications of this kind of threat.
For those who don’t know the concept, nation-state attacks are cyberattacks carried out by agents that are directly or indirectly sponsored and motivated by a government. A nation-state agent can be a professional or group hired by a government to hack other governments’ infrastructures or private organizations with strategic importance in the targeted countries.
With the SolarWinds hack allegedly conducted by Russian agents, understanding the nature of nation-state cyberattacks is more important than ever, especially for organizations that operate industrial control systems (ICS).
The (CS)2AI and KPMG Report
Last November, the (CS)2AI (Control System Cyber Security Association International) and KPMG released a cybersecurity report covering ICS and OT aspects. In this report, the organizations addressed the findings obtained from 600 members worldwide, half of them based in North America.
The report shows that infection through removable media drives is the most frequent type of attack at 35%, followed by email-based attacks at 32%. And while almost half of the reported incidents were attributed to mistakes, poor practices, and negligence from within the organizations, 16% were attributed to scammers and 14% to cybercriminals.
But what about nation-state actors? Most professionals who aren’t familiar with this kind of data can easily imagine that nation-state attacks are directed almost exclusively at governmental institutions and very rarely at other types of organizations.
Actually, this report showed a worrisome reality: 12% of the cybersecurity incidents on ICS and OT platforms were attributed to nation-state agents.
For a private organization that works with utilities, for example, a major service disruption may cause significant chaos in a city. This is why nation-state agents view such organizations with great interest, as attacks on them have the potential to destabilize society on many different levels.
The report also offers interesting facts on defending against such events. The cybersecurity program’s maturity level is an important factor here, drawing the line between organizations that can protect themselves and those that cannot.
For organizations with more mature cybersecurity programs, the chances of detecting social engineering involvement in incidents were considerably higher: 12% against 4% for less prepared organizations. When it comes to nation-state attacks, more mature programs were more likely to detect the incident in time to act, showing 20% effectiveness against 13% for ill-prepared organizations.
These numbers are highly influenced by the willingness of stakeholders to implement proper solutions to protect ICS and OT. For example, 47% of the organizations with programs rated as mature used solutions such as Julie Security, while only 5% of companies with less mature programs actually used a robust solution.
Nation-state attacks are becoming a very real threat for organizations of all kinds and sizes. This is no longer a problem exclusive to public institutions and companies in essential industries, but one for everyone who takes an active part in the economy.
This is an issue that is only going to get more challenging in the future. As more governments around the world equip themselves for cyberwarfare, we will see how attacks of this nature become a standard tool. The only thing we can do right now is to protect our businesses with the proper tools.