Even though we all strive for peace, states have traditionally been known to engage in international espionage and even occasional warfare to deal with a delicate global geopolitical status quo. In the digital age, it seems that these activities have somewhat organically migrated to the online world. Cyber attacks sponsored by states seem to make the headlines more often than they used to – so does this mean that they are going to be a rising threat in 2019?
State-Sponsored Cyber Threats Expected to Rise in 2019
The short answer is yes – and this is only reasonable, if not expected, given the multitude of possibilities that unfold when states take to cyberspace. The World Wide Web is hosting a wealth of information that is critical for every government to access – or, conversely, to prevent other foreign powers from accessing. A big part of a state’s involvement in hacking aims at being able to adequately protect the data it holds that is crucial for its operations.
This should come as no surprise, as safeguarding sensitive information is not just a concern for states, but with virtually everyone with an online presence. Data security solutions, protecting data against incoming attacks have in recent years emerged as a top priority for organizations and businesses worldwide.
Companies invest significant resources in uncovering hidden risks, identifying critical data across databases and in the cloud, as well as implementing measures to protect it from both external attacks and internal malicious or negligent users. This allows companies to comply with regulatory and privacy requirements, as well as maintain their reputation and prevent the disruptions and the financial implications that loss of data can result in.
If the stakes are high for private companies, then they are that much higher when it comes to governments. States nowadays use the internet not only to identify, store and exchange important intelligence but to power pivotal public infrastructure, including power grids and telecom networks. According to a report published by ZDNet, state-sponsored cyberattacks will dominate the cybersecurity landscape in 2019 in two distinct categories out of the top eight trends to watch out for. Information warfare will emerge as a top contender, amidst growing reports that a large number of misinformation campaigns are in fact the work of national intelligence agencies. Orchestrating and triggering appropriate cyber-activity can allow governments to influence or in some instances even manipulate public opinion and make decisions by their counterparts sway in a favorable way. Employing troll accounts to spread false information and perpetrating selected data breaches and leaks can go a long way towards tipping the scales in political and economic conflicts.
Private Companies Caught in the Crossfire
State-sponsored cyberattacks also include direct hits by targeting a foreign state’s infrastructure. Just in the past couple of years, the US has repeatedly accused Russia of using “troll armies” and sophisticated cyberattacks in order to meddle with the country’s internal political affairs, as well as endorsing hackers that were after the US’s power grid.
Ukraine has also alleged that both the 2015 attack that crippled its power grid and the 2017 Petya variant ransomware attacks on a variety of targets, including banks, an international airport and the Chernobyl Nuclear Power Plant were the work of hackers affiliated with Russia. The US has also been accused of cyber espionage, while cybercriminals associated with North Korea have been claimed by some sources to have been behind the WannaCry incident. And the list goes on.
In many of these attacks, the cybercriminals do not target public institutions directly but instead attempt to inflict damage on an adversary by going through private companies. The latter are often critical for the smooth operation of a state’s financial and social life, like railway companies or banks, while other times it is simply the sheer volume of those affected that will get the message across.
This is why private enterprises are becoming increasingly worried about the impact that state-endorsed cybercrime might have on their business. In 2018, Chief Information Officers around the globe identified foreign powers in the top five cyber threats, with 33% of CIOs worried about a possible attack. This figure is up from 28% in 2017 and 27% in 2016, while organized cybercrime topped the list at 77% in 2018. Amateur hackers ranked second last year at 56%, with insiders claiming the third spot with 49% and spammers landing fourth, with 44% of IT leaders concerned about their activities. Interestingly enough, state-sponsored attacks ranked higher than cybercrime endorsed by competitors, which only 19% of CIOs were worried about.
Installing cybersecurity tools like firewalls and anti-malware programs, along with employing IT experts with a cybersecurity background can significantly help companies get protected against similar attacks. Educating employees on the dangers of state-sponsored cyber threats and making sure that a comprehensive data security strategy is implemented consistently across a company is also crucial.
In recent years, states have become increasingly active in promoting cybersecurity, establishing dedicated agencies, passing privacy and data protection legislation, and engaging in efforts to promote awareness. Yet, as research indicates, there is a growing trend of state-sponsored action in the field of cybercrime – which could have a devastating effect on private enterprises too, unless appropriate measures are implemented.