
CrowdStrike and the Nation-State Threat to Cybersecurity: Facts vs. Hype

This post investigates whether CrowdStrike is overstating the security threat of nation-state activity.
Dec 5th, 2019 9:40am by

Nation-state sponsored cyberattacks are far more common than most people think, according to a recently released report commissioned by CrowdStrike, in which 81% of the 1,900 senior IT leaders and security professionals surveyed agreed with that sentiment. When asked what would motivate a nation-state to attack, only 5% believe their organization is not at risk. The survey also concludes that 73% believe nation-state sponsored attacks have the potential to pose the single biggest threat to their organization in 2020. The stats are attention-grabbing and so is the study’s sponsor.

CrowdStrike is notorious because its incident response team reported that Russia hacked the Democratic National Committee (DNC) in 2016. President Donald Trump and his allies assert that Ukraine, China, another nation-state, even “somebody sitting on their bed that weighs 400 pounds” could also be responsible. Security experts worry that the politicization of security will undermine faith in what have become industry best practices. CrowdStrike is trying to be apolitical while at the same time using free publicity to generate demand for its Falcon offering, which correlates endpoint-related events to support threat hunting and threat intelligence.

nation-state attack motivation

Source: “2019 CrowdStrike Global Security Attitude Survey”. Of all the motivations cited, the 56% worried about “close ties to our government” are probably closest to understanding the scope of the problem.

Let’s cut through the disinformation and competing motives. Nation-states are a threat, but cybercriminals are much more likely to be doing the hacking. In fact, according to the survey in ISACA’s “State of Cybersecurity 2019,” only 12% of companies that had been “exploited” in 2018 had been attacked by a nation-state as compared to 32% by cybercriminals.

Source: ISACA’s “State of Cybersecurity 2019”

Verizon’s “2019 Data Breach Investigations Report” goes beyond surveys and analyzes reported incidents (a security event that compromises the integrity, confidentiality or availability of an information asset) and breaches (an incident that results in the confirmed disclosure — not just potential exposure — of data to an unauthorized party). Among breaches in which the threat actor was identified, 69% involved an outsider. A third of outsider-related breaches (23% of all the breaches) involved a nation-state or state-affiliated entity. In addition, 71% of breaches were financially motivated, while 25% were motivated by the gain of strategic advantage (espionage). Verizon also found that 62% of all cyberespionage-related breaches were experienced by a public sector organization.

Proving that a foreign government is involved with a hack can be difficult, but most hacks commonly occur when the public sector is involved. Although there are widespread fears of corporate espionage, it is much harder to determine if a nation-state is to blame. Overall, nation-states are threats, but CrowdStrike is overstating the threat.

Relevant Graphics from Reports Cited in the Article

Source: Verizon’s “2019 Data Breach Investigations Report”. Internal actors were associated with 34% of identified breaches.

Source: Verizon’s “2019 Data Breach Investigations Report”. State-affiliated breaches have increased, but it is more notable that organized crime and activists are less likely to be responsible for these attacks.


Source: “2019 CrowdStrike Global Security Attitude Survey.” Fifty-five percent have experienced a software supply chain cyberattack in the last 12 months, up from 33% in last year’s study. Of the organizations with such an experience, 40% paid some form of ransom to retrieve encrypted data, up from 14% in the 2018 survey. We don’t know exactly what the respondents consider to be a software supply chain attack.

Feature image via Pixabay.
