Nation-state attacks typically come from three different sources:
- The nation itself (such as Russia, China, Iran or North Korea)
- Groups that are linked to a government (these attacks are also called state-sponsored attacks)
- Cybercriminal gangs in a country that allows them to operate freely (these attacks are also called state-ignored attacks)
Research shows that 35% of nation-state attacks target enterprises, and these attacks are often fueled by international competition. Nation-state attackers frequently target organizations either in a ransomware operation to gain funding or in an espionage campaign to obtain intellectual property.
Many nation-state attackers are also targeting supply chains. The SolarWinds breach, discovered in 2020, underscores the importance of understanding your software supply chain: a nation-state attacker may not target your organization directly, but may instead target a company that can push updates into your network and use that path to gain initial access.
Next steps
- Audit your defensive posture: Review your current information security posture. Do you have defense in depth in place against advanced attackers?
- Understand the threat: Invest in threat intelligence and understand the threat actors interested in your business, product or data. Use this intelligence to create a defense-in-depth architecture.
- Deploy software updates: Many attackers can use vulnerabilities in older products, so make sure to regularly test and implement security updates from vendors.
- Protect your supply chain: Review and test software updates from vendors to ensure no malicious code is contained in the update.
- Test your defenses yearly: Conduct a red or purple team exercise to verify that your defenses and cybersecurity personnel can detect and respond to advanced attackers who are targeting your network or are already inside it.