Leading organizations have long factored state-sponsored cyber-attacks into their risk-based cyber defense planning, but the need to do so has been highlighted in recent months due to an increase in this type of attack associated with the conflict in Ukraine.

The primary goal of these state-sponsored attackers is to identify and exploit the national infrastructure vulnerabilities, gather intelligence, and exploit systems, which can easily impact the business operations of both public and private sector organizations.

According to the UK’s National Cyber Security Centre (NCSC), there has been significant cyber activity in the Ukraine since the start of hostilities with effects beyond Ukraine’s borders that have caused disruptions in central Europe.

As a result, the NCSC says organizations cannot afford to be complacent, stating that “the absence of successful cyber-attacks doesn’t equate to a change in adversary capability or intent” and that organizations should respond to a “potentially protracted period of heightened threat” by maintaining a “strengthened cyber posture.”

However, the NCSC says extended periods of intense pressure on cyber security teams raise the risk of burnout with a potential rise in unsafe behaviors and errors, noting that “staff welfare is a critical component of an organization’s security and resilience.”

The NCSC has published guidance on maintaining a strengthened cyber security posture in a sustainable way that highlights the importance of:

  • Revisiting risk-based decisions to ensure defenses are implemented in an efficient way for the long-term.
  • Empowering frontline staff to make decisions about prioritization.
  • Ensuring that workloads are spread across individuals and teams, and that frontline staff can take breaks and recharge.
  • Providing resources to managers and teams to recognize the signs if someone is struggling.

The NCSC says the best long-term response to changes in the cyber threat is to improve your organization’s cyber security and resilience by building more secure networks and bolstering resilience capabilities as outlined in their guidance on 10 Steps to Cyber Security.

By taking steps to improve cyber security and resilience, organizations can reduce the likelihood of their business operations being impacted not only by the actions of hackers linked to nation states, but also to threats from affiliated and other cyber criminals who learn from the tactics, techniques, and procedures (TTPs) used state-sponsored groups.

Now is the time to ensure that your organization not only can block as many known types of cyber-attacks as possible, but can also detect, respond to, and recover from unknown or unexpected attacks because state-sponsored attacks tend to be well funded, well resourced, and extremely difficult to detect. 

This means that more than ever before, organizations need to ready for the unexpected by implementing round the clock monitoring of the entire IT estate to identify threats, having well-defined and well-practiced incident response and recovery processes, bolstering cyber resilience, and improving access controls to eliminate easy paths to compromise such as credential theft.  

It is therefore important for all organizations to understand the true nature and severity of the cyber threats they face and the need for, and benefits of, modern approaches to cybersecurity such as proactive threat management, Zero Trust, Decentralized Identity, and securing software and other IT supply chains to raise the level of cyber resilience.

Where cyber attackers are advanced or state sponsored and have access to zero-day-exploit based tools, anti-malware solutions may not be able to detect the initial compromise. In these cases, integration of all services including cloud-based into security intelligence tools is key to eventually discovering and remediating the incursion.

— John Tolbert, Director Cybersecurity Research, KuppingerCole.

Because we understand the importance of a proactive security capability, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats, including live events such as the 2022 KuppingerCole Cyber Security Leadership Summit (CSLS) taking place in Berlin and online in November.

The agenda includes as CISO Panel discussion on Mitigating State Sponsored Attacks in Cyber-Space, and presentations entitled:

Other related presentations include this one on Building Enterprise Security Resilience and this one on Successfully tackling your Digital Supply Chain Risk, both highly relevant topics in an era where state-sponsored cyber-attacks are increasingly common.


Nation-state sponsored cyber-attacks was also a topic on the agenda at this year’s EIC conference, where the agenda included a panel of security leaders talked about Assessing the Business Impact of Russia’s Invasion of Ukraine and a presentation entitled: We’re Gonna Need an even Bigger Boat: How Pervasive Digital Transformation, Nation State Actors, and Open Code Repositories Mandate a Reinvention of Identity.

For a retrospective on the SolarWinds-incident, listen to what our analysts consider the lessons learned, the strategic approaches towards improving security in organizations that depend on diverse cyber supply chains, and the changes that need to be made in this Analyst Chat entitled: Post-SolarWinds Software Security Strategies

Cybersecurity leaders increasingly point to the importance of developing a cyber resilience capability. For a brief overview of the topic, listen to this Analyst Chat on Business Resilience Management.  

If you are considering an investment in network detection and response tools, find out what threats they are looking for and how they complement endpoint protection tools in this Analyst Chat on NDR - Network (Threat) Detection and Response


Continuing the theme of resilience, have a look at this Insight on Business Resilience Management, which lays out the basics of the concept, some of the business benefits, and some approaches to achieving it.   


Endpoint Security, NDR, and SOAR are key technologies in defending against advanced cyber threats. To find out more about the offerings in these markets and how to select the products that are best suited to your organization, have a look at the following Leadership Compasses: 


Reduce the risk of falling victim to industrial espionage and other state-sponsored attacks by looking at this Advisory entitled: Protect Your Cloud Against Hacks and Industrial Espionage, which looks at implementing the proper security tools in your cloud-based environments. 

Find out why there needs to be closer alignment and integration between business continuity and cyber security teams in the face of state-sponsored cyber-attacks in this Advisory Note on Business Continuity in the age of Cyber Attacks.

This Advisory Note on Understanding and Countering Ransomware looks at this popular cybercriminal business model, which can be used as part of state sponsored attacks.

Organizations need to recognize that they are almost as likely to be targeted by state-sponsored cyber-attacks as they are by those carried out by pure cyber criminals. It is essential thar organizations manage all risks, as explained in this Advisory Note entitled: Cyber Risk – Choosing the Right Framework.

State-sponsored cyber-attacks are likely to be responsible for most attacks aimed at operational control systems. For more on this topic and how to defend against such attacks, have a look at this Advisory Note on Plant Automation Security.

State-sponsored attacks aside, the probability of becoming a victim of a cyber-attack is higher than ever, therefore a concrete plan and organizational structure to ensure the impact is minimized is essential for every organization. To find out more, have a look at these Leadership Briefs on Incident Response Management and Responding to Cyber Incidents

If you are considering implementing detection and response tools, but find the market segments confusing, have a look at these Leadership Briefs entitled: Do I Need Endpoint Detection & Response (EDR)?, Do I need Network Threat Detection & Response (NTDR)?, The Differences Between Endpoint Protection (EPP) and Endpoint Detection & Response (EDR), and What (and why) is XDR? 


Our analysts have written several blog posts that offer different perspectives related to state sponsored cyber threats and approaches to dealing with them. Have a look at the list below and select the topics that are most relevant to your organization: 


When it comes to state-sponsored attacks, a proactive security risk management strategy becomes essential. To find out more about how to go about achieving this, have a look at this webinar entitled: Surviving the Cyber Security Attack Wave

In the face of state-sponsored cyber attacks and tools in the hands of cybercriminals, organizations need to have the capability to discover more advanced attacks as soon as possible, which is the topic of this webinar on How to Hunt Threats Effectively With Network Detection & Response Solutions

Moving towards a modern and agile Zero Trust security concept is essential in today's mobile first, work-securely-from-anywhere world, especially in the face of attacks by organized cybercrime groups and state-sponsored attackers. For more on adopting Zero Trust, have a look at these webinars: 

Effective cyber defense depends on detecting, preventing, and mitigating threats not only on desktops, laptops, and servers, but also on the network, in the cloud, and in OT, ICS and IoT. Find out about the importance of a security operations (SecOps) approach in this webinar on Enabling Full Cybersecurity Situational Awareness With NDR and this webinar entitled: Effective Endpoint Security With Automatic Detection and Response Solutions, which highlights the shift in focus of the cybersecurity industry from protection to detection and response.  


Government intervention to control societal impact of cybersecurity events is examined in this white paper entitled: Claroty – Visibility into Vulnerability, which looks at how organizations are facing a brave new world in which government are taking a proactive role in constraining cybersecurity risks.

Understanding an organization’s risk posture and providing transparency, while aligning cyber security efforts with corporate strategies, is a major challenge. Find out how to tackle this challenge in this white paper entitled: Moving towards a holistic Cyber Risk Governance approach

Organizations must have full visibility to their external threat landscape and be aware of potential attacks targeting them. Find out more in this white paper on Getting Ahead of the Cybercriminals: Understanding the External Threat Landscape.

Tech Investment

Organizations investing in technologies to defend against advanced cyber threats can have a look at some of the related technology solutions that we have evaluated: