Have nation state cyber attacks become a concern for all organizations?


Sr. Director of Enterprise Security in Software, 5,001 - 10,000 employees
I'm not affiliated with the government anymore, so I'm not as concerned about cyber attacks from other nation states as I once was. But one of the interesting things about my role at Front is that Front is an email collaboration app. We ingest all of your email into our app and then there are all these other functions that exist around email like commenting, chat and shared email. We're ingesting all our users’ email data, so we have to be just as secure as whatever mail service they're using.

As we start looking at information campaigns and disinformation campaigns, we've talked about how holding onto that kind of information makes you a target. I don't think a company of our size would show up on someone's radar, but the data we have certainly could. Once you start figuring out what kind of data you hold as an organization, you can put yourself at risk of being a bigger target than you were previously.

Founder/Chairman/CTO in Telecommunication, 201 - 500 employees
Considering SolarWinds and various campaigns that have happened over the past two years, it’s clear that nation states don't care as much about getting caught as they used to. There used to be a real focus on stealth and targeted attacks. But there's been a shift to things that are more opportunistic, which brings a broader group of targets into scope. For organizations that previously thought, "A nation state's not going to concern themselves with what we're doing, or what we've got access to from an information standpoint," some of that calculus has shifted quite a bit over the past two years.

In terms of vulnerability management, we’re digging into the threat intelligence side of things at Bugcrowd. We’re trying to understand what campaigns are being launched or planned against companies like ours, while also making sure our systems are resilient enough to stay ahead of all those things. It amounts to productive paranoia. You end up thinking about this stuff more than you would like to, but it becomes quite productive.

Senior Information Security Manager in Software, 501 - 1,000 employees
I wouldn't say we're below the radar, but we’re not among the top 100 types of companies Russia would want to make a statement with in the US. But Russian cyber attacks are definitely a concern for everyone, because they've got thousands of well-trained hackers who see a lot of profit in attacking American systems. When you consider that a person could live 10 years off a single attack, they have massive incentives.
