More U.S. Companies Victims of State-Sponsored Cyberattacks
A disturbing report released today shows that 35% of U.S. organizations have been the victim of nation-state cyberattacks.
The survey by CounterTack|MCSI, a data endpoint detection and response company, is the security industry’s first in-depth examination of state-sponsored attacks against corporations and government agencies, and was completed by the Ponemon Institute. The agency surveyed 639 corporate security practitioners that were familiar with their company’s cyberattack defense plan.
To describe the difference between state-sponsored attacks and non-state attacks, the Ponemon Institute examined the intent of the attacker. Most cybercriminals are looking for data that they can sell quickly, including credit cards and social security numbers.
State-sponsored hackers are looking for information that would give them a military advantage over the United States and other target countries. This includes personal identifiable information such as intellectual property, classified military information, schematic drawings and the like.
75% of organizations are not ready to detect or prevent nation-state attacks, and only 12% of the respondents were very confident that they could recognize them. Most agencies report they lack the resources they need for accurate prevention and detection.
This year, there were reports of high-profile breaches, including successful attacks against Sony and the United States Office of Personnel Management. Even though 74% of senior level executives are more worried about nation-state attacks after these incidents, most corporations are not proactively creating a prevention plan. Of the survey respondents, 49% said they were taking a ‘wait and see’ approach to security.
“Providing additional education to organizations on the characteristics of nation-state attacks, and intent of the malicious actors, is necessary to better equip security personnel in lowering their level of risk,” said Larry Ponemon, President, Ponemon Institute. “There is a belief that government agencies are the only targets of nation-state attacks and that would be false. Often, they go after the proprietary data and intellectual property of blue chip corporations and Global 5000 companies.”