In the midst of some of the most interesting times in geopolitical history, Tripwire wanted to see how the infosec community is currently feeling about nation-state attacks. It thus decided to conduct a survey while at Infosecurity Europe 2018 in London . Specifically, Tripwire surveyed 416 attendees to see what the future of nation-state attacks might look like.
Almost all (93 percent) of participants said they think nation-state cyberattacks will rise in the next 12 months. This is perhaps unsurprising considering that recent high-profile attacks have been attributed to nation states. For example, WannaCry was attributed to North Korea, while Russia is believed to have carried a campaign against routers and network infrastructure.
Most respondents did feel that the scope of nation-state attacks are evolving in more troubling ways. Eighty-three percent said they believe nation-states will expand their targets to attack more private (non-government) organizations over the next year. This aligns with what former director general of GCHQ Robert Hannigan said during his talk at In Infosecurity Europe:
Five years ago, we were aware of nation-state attacks but we would’ve seen them as something that only a nation-state needs to worry about. Today they’re a problem for everybody, as we’ve seen over the last year.
Eighty-three percent of survey respondents also believed that nation-state attacks on critical infrastructure will increase over the year. The same amount said these attacks will go beyond espionage and aim to cause direct harm.
“Recent threats like Triton/Trisis and Industroyer/CrashOverride have made it clear that cyberattacks can have dangerous physical impacts on critical infrastructure,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Securing critical infrastructure at the industrial control system layer, where physical meets digital, is absolutely crucial.”
Fortunately, the survey suggested that organizations are taking action against this rising threat. About two-thirds (69 percent) said their organizations have increased efforts to defend against nation-state attacks over the past 12 months. Many seem to take attack attributions into account, as 69 percent said they found them helpful.
“Knowing who you are up against can be a helpful input for your defense strategy. However, attribution as a rule is tricky, and attackers can put up very sophisticated false flags to make someone else look like the attacker,” added Erlin. “Knowing your adversary can be helpful in responding to an attack, but in building a proactive defense strategy you don’t want to get distracted by who the threat actor is versus preparing for the actual threat.”
Despite consensus that nation-state attacks will rise and evolve in nature, the results showed a fair amount of confidence in defending against them. When asked how prepared they felt in defending against nation-state attacks, 60 percent said fairly prepared, 22 percent said very prepared and only 18 percent said not prepared.
Erlin has some advice for those who don’t feel ready to face nation-state attacks:
For those feeling not prepared, focus on building a strong foundation. Make sure you understand what your attack surface is, minimize it as much as you can by hardening and managing vulnerabilities, and then monitor your environment for change.”