Nearly three-quarters (72%) of IT leaders are concerned that tools and techniques used by nation-states will eventually end up in the hands of cyber-criminals and be used to attack their organization, according to HP.
The findings come from a poll of 1100 IT decision-makers in the UK, the US, Canada, Mexico, Germany, Australia and Japan.
Ian Pratt, global head of security, personal systems at HP, argued that such concerns are well-founded. He cited recent events such as the Kaseya attack on MSPs which appear to be partly inspired by the Kremlin’s SolarWinds campaign.
“Now the return on investment is strong enough to enable cyber-criminal gangs to increase their level of sophistication so that they can start mimicking some of the techniques deployed by nation-states,” he noted.
“The [Kaseya attack] is the first time I can recall a ransomware gang using a software supply chain attack in this way.”
Independent software vendors (ISVs) in particular must be extra alert to similar “stepping stone” attacks in the future, even if they don’t have major enterprise customers, Pratt warned.
Respondents to the HP poll also flagged their concerns about direct attacks from nation-states. Over half (58%) said they were worried about such an eventuality, while 70% said they could become collateral damage in a cyber-war.
The top concerns among IT decision-makers were sabotaged data and systems, disruption to operations, theft of data and impact on revenue.
The poll follows a significant report by HP released in April, which warned that the world has never been closer to a full-scale war, waged due to state-backed cyber-attacks.
President Biden seemed to acknowledge this point when he warned last month that if the US ended up in a “real shooting war” with another major power, it would likely result from a severe cyber breach.