Why Recent State-Sponsored Cyberattack Poses the Biggest Threat to US Government and Businesses?
BACKGROUND: Cyberattacks price very minute as compared to conventional military attacks. In addition, these attacks are normally easier to execute. With their great uncertainty, they generally have very few consequences for the attacker. These are all major causes for state-sponsored cyberattacks.
The recent SolarWinds cyberattack, which left a series of US private firms and government offices vulnerable to cybercriminals, was the fresh example of the desolation a state-sponsored cyberattack can cause. The attack, which was recognized in December 2020 and was allegedly sponsored by Russia, breached software built by the IT Company SolarWinds Corporation. According to a Reuters report, it provided cybercriminals access to hundreds of private organizations and government offices that used its products. Brad Smith, Microsoft president, called it the most sophisticated and biggest attack the world has ever experienced.
The cyberattack assumed to have been accomplished by state-sponsored cybercriminals – most probably the Russian intelligence service – through malicious code incorporated into SolarWinds’ Orion network monitoring platform between the period of March and June of the last year. That malicious code was then utilized as the medium to compromise other IT vendors, including Microsoft and FireEye, and get access to IT systems in a large number of U.S. federal government agencies like State, Defense, Treasury, Homeland Security, and Commerce.
The U.S. government alerted that the cyberattack posed “a grave risk” to a series of US private firms and government offices. The U.S. CISA (Cybersecurity and Infrastructure Security Agency) directed federal civilian agencies to shut down SolarWinds Orion until all hacked accounts and identified malicious mechanisms were removed.
As the extent of the cyberattack became clearer, the number of affected IT vendors still continued to grow, including Cisco Systems, Microsoft, Intel, VMware, and Nvidia.
State-Sponsored Cyberattacks: A Major Threat for Private Companies and Government Offices
In the last few years, state-sponsored cyberattacks have transformed cyberspace. These attacks have been increased by the wide range outcomes of COVID-19. In fact, many industry leaders believe that the pandemic has increased the risk of a state-sponsored cyberattack on their organization.
According to a survey conducted by the Cybersecurity Tech Accord and the Economist Intelligence Unit (EIU), state-sponsored cyberattacks are a major threat for private companies and government agencies. Many private companies are concerned about disastrous financial and reputational outcomes and demand greater cooperation from local as well international agencies, in order to mitigate these threats.
The major findings of the survey are:
- Private organizations are concerned about State-sponsored Cyberattacks: About 80% of respondents are worried about their organization falling victim to a state-sponsored cyberattack, with the majority thinking that this concern has accelerated after the pandemic.
- There is an inaccurate perception of security: 68% of leaders think their organizations are ready to deal with a cyberattack. EIU demonstrated it as an inaccurate sense of security from organizations as most organizations don’t have solid experience in managing such threats. The recent SolarWinds hack may force more companies to modify their operating procedures for how they mitigate risk.
- Investment from the corporate sector in Cybersecurity is important but government actions are more critical: Many executives believe that government offers a low or medium level of security and that stronger international political and economic collaboration is important to meet the challenges, and to build a more stable and secure online environment.
Although state-sponsored cyberattacks are a silent risk, they may have catastrophic and prolonged effects on our community. Given the recent state-sponsored SolarWinds cyberattack, collaboration between the corporate sector and government is becoming increasingly critical, in order to mitigate these types of threats effectively. SolarWinds hack is a call to action for many governments and private firms to step up and think about the kind of cyber assistance they need to protect themselves against these attacks.