Nearly two-thirds of organizations (64 percent) believe they are potential targets for nation-state cyber-attacks, according to a Tripwire survey of 215 attendees at the Black Hat USA 2015 security conference.
In addition, the vast majority (86 percent) of the respondents said they have seen an increase in targeted attacks directed at their networks over the past year.
Despite the noticeable increase in attacks, fewer than half of the respondents (47 percent) said confidence in their organizations’ ability to detect and respond to a cyber-attack rose in the last 12 months.
“The results track very well with the overall sentiment in the information security industry,” Tim Erlin, director of IT security and risk strategy for Tripwire, told eWEEK. “Organizations continue to experience an increase in the rate of targeted attacks, but still feel like they’re unable to accurately detect and prevent them. It’s surprising that 48 percent of respondents said they are able to track all the threats targeting their networks. That’s actually a very high level of confidence from a traditionally skeptical group.”
Erlin said small businesses should ensure they’ve implemented basic foundational controls before worrying about the latest ‘sophisticated’ attack.
“Simply keeping systems on current software, effectively patching vulnerabilities, and ensuring critical systems are running hardened configurations can significantly increase the cost to the attacker,” he said. “Small businesses should learn about how their data might be profitable for an attacker. Only by understanding why they might be a target can an organization deploy tools to protect the most valuable data.”
Nearly two-thirds (64 percent) of respondents said targeted attacks against their networks have increased over the past year by 20 percent or more.
The survey also found that more than half (53 percent) of respondents said they do not have the visibility necessary for accurate tracking of all the threats targeting their networks.
“The time when nation-state attacks were limited to military, government and critical infrastructure is over,” Erlin said. “Most businesses should consider themselves a target, either for the data they possess, or for the access they can provide into other organizations.”
In addition, 41 percent of respondents said they have seen a significant increase in the number of successful cyber-attacks in the past 12 months.
“Until the majority of organizations can consistently implement basic best practices, we’ll continue to see attackers of all types taking advantage of simple vulnerabilities to launch targeted attacks,” Erlin explained. “While it seems like China grabs the nation-state attacker headlines these days, more countries will develop these capabilities and enter the fray out of necessity. The increased nation-state activity will make attribution more difficult, causing organizations to focus on detection and prevention even further.”