In the Crosshairs: Organisations and Nation-State Cyber Threats

The constant outpouring of news highlights that nation-state cyberattacks are a growing threat. Governments are behind many of the most dramatic successes. These nation-state cyberattacks create service disruptions, expose data, and create substantial financial costs. SolarWinds, Colonial Pipeline and the Microsoft Exchange “Hafnium” incident are examples, and if nothing else show that victims have to spend heavily to repair damage to reputation and brand and in cases where there is intellectual property theft, can lose the advantage of their investment in innovation. State attackers are relentless and there is considerable room for improvement in cyber defense and how most organizations — regardless of sector or size — go about doing this.

Industrial espionage, ransomware, the theft of personal information, or disruption of services — the impact from a cyberattack take many forms, all damaging. While attackers can range from cybercriminals, individual hackers, or governments, nation-states and their criminal proxies are the most dangerous because they are the most capable, best-resourced, and persistent. Many of the high-profile events in recent years involved state actors, whether acting directly, using proxies, or by allowing cybercriminals to operate from their territory.

The growing number and severity of cyberattacks is a problem for the international community, and while there has been progress in agreeing on norms of responsible state behavior (and what to do if these norms are not observed), it will be years before the state-actor threat recedes, because it is so rewarding and because there are so few penalties. Previous reports in this series estimate that cybercrime costs the world perhaps $1 trillion dollars, and the cost is growing. Most of this is due to attacks by nation-states or their proxies, by a failure of certain governments to enforce the law against criminal groups operating from state territory, and by the opportunities created by weak defenses and often a reliance on multiple vendors for network services and software…