CTA and EIU State Threat Actor Report | Avast

Today, the Cybersecurity Tech Accord released a new report on corporate perceptions of cybersecurity threats posed by state-led and sponsored threat actors. This report was done in conjunction with the Economist Intelligence Unit (EIU). Avast is a member of the Cybersecurity Tech Accord and is proud to be a part of the release of this report. I myself was one of the original signatories and helped establish the Cybersecurity Tech Accord, so I really believe in the work and the Paris call.

This report surveyed over 500 people who hold director-level or above roles from across the Asia-Pacific region, Europe and the United States. Those surveyed were familiar with their organizations’ cybersecurity strategy and came from a broad swathe of companies — in particular, IT and technology, retail, and consumer goods companies. They also interviewed leading cybersecurity experts as part of the survey.

The report is important because it measures the beliefs of IT security leaders and experts regarding the threats posed by state-led and sponsored threat actors. It’s also important because the survey has been conducted during the Covid-19 pandemic, so it reflects the adjustments and adaptations that these leaders, experts and their companies have made to their assessment of these classes of cybersecurity threats.

Relative to that, eight out of ten (80%) executives surveyed said that they believe the pandemic has increased the likelihood of a state-led or sponsored cyberattack on their organization.

Countering that, however, 68% of respondents said that their organizations are “very” or “completely” prepared to handle a cyberattack.

Looking further out, the respondents said that in five years, state-led or sponsored threat actors would be a threat to them second only to organized crime.

In looking to meet that threat however, six out of ten (60%) of respondents said that their country only offers a medium or low level of protection. They went on to call for stronger international economic and political cooperation to help meet that threat.

The infographic below shows a visual representation of the survey results:


Image via Cybersecurity Tech Accord

These survey results match some of what Avast Threat Labs researchers have seen. For instance, over the summer of 2020, our researchers found an APT campaign targeting government agencies and a National Data Center of Mongolia that we assessed with moderate confidence to be the work of a well known APT group, LuckyMouse.

Cybersecurity events like this one in Mongolia underscore that leaders are right to assess increased risks from state-led and sponsored groups during the global Covid-19 pandemic. And while 68% of those surveyed felt “very” or “completely” prepared to hand a cyberattack, there’s a risk that this reflects a sense of overconfidence by the respondents.

Most importantly, the report serves as a clear call that there is a clear and urgent need for improvement in the public-private partnerships between companies and governments to help better meet cybersecurity threats moving forward.

For more detailed information on the findings, read through the full report.