Nation-state cyberattacks are on the increase globally, with a growing ecosystem of nation-state threat actors contributing to an expanding pool of sophisticated hacking tools that ultimately become available to anyone.

This is the view of Leigh Murray, CTO at Triple4 Global, who believes local businesses may underestimate the risks posed to them as a result of state-level hackers.

“Because state-level threat actors are funded by governments, they can develop more sophisticated tools and spend more time targeting their attacks than most amateurs can,” Murray says. “The risks to most businesses are not directly from the state level, but further down the line through the ultimate monetisation and commoditisation of the tools they develop on the dark web for use by groups or Script Kiddies.

“So the concern for the typical business is to take note of the activities at the state-level as this is an early warning to companies of what they will be facing in the near future,” he says.

Most South African organisations are likely to believe nation-state attackers only target government institutions and critical infrastructure, making their companies unlikely targets.

However, Murray points out that nation-state attackers have also been known to target enterprises, financial institutions, media and communications firms, medical research and healthcare facilities, and energy, education, and chemical engineering firms for surveillance, data gathering, and possibly also disruption and destabilisation.

Less obvious targets are firms in the supplier or vendor ecosystem of a target organisation, which can be used in a supply chain attack on that target. By focusing on the weaker links in the supply chain, attackers can gain easy access to the major organisation, which is why this form of attack is increasing.

“It is important to note that any business could be a target and anything with an IP address can potentially be hacked – right down to IoT, OT, and even gadgets as innocuous as the connected fish tank feeder that was famously hacked to steal data from a North American casino.”

Businesses have to take all cyber risk seriously, staying abreast of emerging risk and taking a multilayered approach to cybersecurity covering the complete environment including endpoints, users, networks, data, and hybrid infrastructure, Murray says.

“Organisations also need to put in endpoint detection and response and security incident and event management (SIEM), carry out regular penetration testing, and build in resilience to attacks through encrypted backup and regular recovery testing.”