Businesses Concerned About State-Sponsored Cyber Attacks

In the wake of high-profile cyber-attacks directed against U.S. companies, a survey finds half of businesses believe their organization could be a target.

Half of businesses say their organization is a potential target for state-sponsored cyber attacks, according to a survey of 205 attendees of the RSA 2013 security conference by information risk and security performance management solutions specialist nCircle.

The survey also found just under half (48 percent) of respondents thought China had the most advanced capabilities for state-sponsored cyber-attacks, while a third (33 percent) of respondents said they believe the United States has the most advanced capabilities.

"The number of organizations that are potential targets for state-sponsored cyber-attacks is probably much higher than 50 percent, because if attackers can't break into a targeted organization, they will go after partners and suppliers," nCircle chief research officer Tim Keanini said in a statement. "Frankly, I'm surprised that the level of paranoia among information security professionals isn't higher."

Keanini also noted that public perception of the country with the most advanced nation-state cyber-attack capabilities has clearly been shaped by recent media coverage, notably the reports that Chinese hackers have been infiltrating or attempting to infiltrate a wide range U.S. companies’ Websites.

"The reality is that nations that are really good at cyber-attacks don't make the news because they don't get caught,” he continued. “China appears to have a large number of cyber 'soldiers' but we don't have any public point of reference yet."

A recent classified National Intelligence Estimate study blamed China for the majority of cyber-espionage attacks targeting U.S. agencies and businesses, resulting in security experts calling for the government to take a harder policy line to deter such attacks. The February report, released by the Office of the Director of National Intelligence, aims to identify threats to the nation. The report echoes the sentiments of the U.S.-China Economic and Security Review Commission, which released a report in November 2012 stating that economic espionage is part of China's national strategy.

"Although it is unclear whether the Chinese state directs all of this activity, the theft of industrial secrets through cyber-espionage is apparently Chinese state policy," the 2012 USCC report stated. "The state controls up to 50 percent of the Chinese economy, and industrial espionage appears to be a key mission of the Chinese intelligence services."

In another report released on Feb. 19, incident-response firm Mandiant argued that a group within China’s People's Liberation Army known as Unit 61398 is responsible for more than 140 attacks investigated by the firm since 2006. Among the targets were a large wholesale company that lost a price battle with China and security firm RSA, which attackers breached in 2011 to steal data related to its SecurID one-time password technology.