Businesses are increasingly coming under fire from nation state-backed hackers as governments around the world engage in attacks to steal secrets or lay the foundations for future attacks.
Nation States, Cyberconflict and the Web of Profit, a study by cybersecuity researchers at HP and criminologists at the University of Surrey, warns that the number of key nation-state attacks has risen significantly over the past three years – and that enterprises and businesses are increasingly being targeted.
An analysis of nation-state cyberattacks between 2017 and 2020 reveals that just over a third of organisations targeted were businesses: cyber defence, media, government and critical infrastructure are all also common targets in these attacks, but enterprise has risen to the top of the list.
"Irrespective of sector or size, business appears now to face comparable risks from nation states as it has done from traditional cybercriminals," said the research paper.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
The main aim of these attacks is to obtain intellectual property or business intelligence, with technology firms and pharmaceutical companies at particular risk.
The events of the past year have increased the risks because not only have nation states been conducting campaigns in an effort to gain access to research on COVID-19 vaccines, the way in which many people are working from home has left them – and their employers – at additional risk from phishing and other attacks.
"Nation states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence-gathering capabilities, and military strength through espionage, disruption and theft," said Dr. Mike McGuire, senior lecturer in criminology at the University of Surrey.
"Attempts to obtain IP data on vaccines and attacks against software supply chains demonstrate the lengths to which nation states are prepared to go to achieve their strategic goals."
Hackers are also willing to use techniques that could put many companies at risk in order to target a few.
"There's now a willingness to compromise thousands of networks and businesses, creating huge collateral damage, when in reality the true targets of those cyberattacks will have been much smaller," said Ian Pratt, global head of security for personal systems at HP Inc.
SEE: Ransomware: Why we're now facing a perfect storm
In order to protect networks against cyberattacks, the report recommends that organisations do everything possible to secure endpoints and to segment networks, so sensitive information isn't stored in easy-to-reach areas if an attacker managers to gain entry to the network.
It's also recommended that organisations apply security patches in a timely manner, so they're protected against known vulnerabilities when they emerge.
"As the scope and sophistication of nation-state attacks continues to increase, it's vital that organizations invest in security that helps them to stay ahead of these constantly evolving threats," said Pratt.
MORE ON CYBERSECURITY