Businesses are losing the battle against state-sponsored cyber attacks and things are unlikely to improve in the short term, according to a survey of senior IT security professionals.
While nearly 63% of respondents think a state-sponsored attacker will attempt to breach their organisation in the next six months, 74% said they were not confident that their own corporate network had not already been breached by a foreign state-sponsored hacker.
Most respondents said they believe that the hacking landscape is going to get worse over time
Martyn Croft, co-founder of the Charity Security Forum and CIO of The Salvation Army UK, said he is not surprised by the findings.
“I'd certainly have to agree with the pessimistic view that it's probably going to increase,” said Croft.
According to Croft, a certain amount of inference from the known attacks such as Stuxnet indicates that state-sponsored attacks have become a commonplace occurrence.
Amar Singh, ISACA Security Advisory Group London Chair, said he would have expected more than 58% to be pessimistic.
“Most organisations will lose the battle if they end up on the target list of a state-sponsored attacker,” he said.
Read more on state-sponsored attacks
- Google to warn users of state-sponsored attacks
- Gauss toolkit used in nation-state-sponsored cyberattacks, Kaspersky says
- Cyber attacks must avoid civilian targets, says Nato manual
- More than half UK citizens worried about nation-state cyber attacks
- Paranoia growing over state backed cyber attacks
- Security Think Tank: Prism fallout could be worse than security risks
- Security Think Tank: Prism is dangerous for everyone
Singh warned that opportunities for attack will only increase when the world fully embraces the IPV6 next generation internet protocol, which he said will allow every human being to own 2,000 fixed internet addresses.
“Think about the attack surface when your TV, watch, wristband and car’s engine have a unique cyber space address and will be always connected to cyber space,” he said.
As state-sponsored cyber attacks increasingly become a serious problem, many nations are building defensive, as well as offensive, techniques to deter attackers, Singh said.
“This was recently demonstrated when North Korea announced it has built an army of 3,000 cyber trolls to attack South Korean websites,” he said.
Philip Lieberman, president and CEO of Lieberman Software, said the threat of state-sponsored attacks is extremely serious for government and commercial entities, with the probing of IT infrastructures in both environments taking place continually and attacks being launched on a regular basis.
“The majority of organisations are prepared for amateur hackers and low-level criminals, but are completely ill-equipped to deal with today’s advanced nation-state foes,” he said.
The most dangerous threats, said Lieberman, are highly personalised attacks designed for one-time use against specific individuals.
Many state-sponsored attackers can now create perfect email attacks that insert remote control software onto corporate networks.
For this reason, Lieberman said most corporations and government agencies would benefit from better security training, documented security processes, and systems to manage and secure privileged accounts that grant access to critical IT assets.