In October last year, Paul Chichester, the Director of Operations at the National Cyber Security Centre, told BBC that the UK suffered as many as 590 significant cyber-attacks in the past year and that he feared there would be more in the coming days.
In the same period, the UK also suffered as many as 30 were Category 2 attacks such as WannaCry and NotPetya that created major disruptions and required cross-departmental response.
"We saw a small scale event ramp up very quickly into a national event. The threat is increasing; you can see criminals and nation states really starting to see the power and the opportunities that attacks in cyberspace can offer them," he said at BBC Radio 4's Today programme.
Nation-state attacks to be more rampant this year
Echoing Chichester's concerns, 93 percent of over 400 infosecurity professionals recently told security firm Tripwire that they feared nation-state cyber attacks will rise in the next 12 months, and that a majority of them (69%) had started taking steps to to defend against nation-state attacks over the past 12 months.
“Recent threats like Triton/Trisis and Industroyer/CrashOverride have made it clear that cyberattacks can have dangerous physical impacts on critical infrastructure. Securing critical infrastructure at the industrial control system layer, where physical meets digital, is absolutely crucial," said Tim Erlin, vice president of product management and strategy at Tripwire.
“Knowing who you are up against can be a helpful input for your defense strategy. However, attribution as a rule is tricky, and attackers can put up very sophisticated false flags to make someone else look like the attacker.
"Knowing your adversary can be helpful in responding to an attack, but in building a proactive defense strategy you don’t want to get distracted by who the threat actor is versus preparing for the actual threat," he added.
Firms still vulnerable to nation-state attacks
According to a survey carried out by Tripwire, even though 69 percent of infosec professionals said their organisations are taking steps to fight against nation-state attacks, one in five of them (22 percent) are still not prepared at all to take on such challenges.
This is despite the fact that 83 percent said they believe nation-states will expand their targets to attack more private (non-government) organizations over the next year.
For instance, a report from security research firm Corero revealed last year that as many as 39% of critical infrastructure organisations in the UK, including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers, and transport organisations did not complete the government-mandated '10 Steps to Cyber Security’ programme.
The lack of preparation on part of critical infrastructure firms, NHS organisations, as well as large and medium businesses to guard against cyber-attacks in the future has increased the possibility of such firms falling victims to future attacks.
Use of legacy systems has also endangered the security of other critical assets like the Trident nuclear submarines, aircraft carriers, nuclear power plants and other energy firms.