Do SMEs need to worry about state-sponsored Cyber Threats?

By December 1, 2022 No Comments

As someone battling with the typical challenges of growing an SME, a state-sponsored cyber attack may be the last thing you expect to be concerned about. However, small-to-medium businesses are increasingly at risk of being caught in the middle of international cyber warfare. Which is a very real cyber threat to small businesses.

International tensions are at an all-time high due to the ongoing invasion of Ukraine and other regional issues around the world. And crippling sanctions on the Russian government and business interests have sparked fears of reprisals in the form of state-sponsored cyber attacks.

The UK’s National Cyber Security Centre (NCSC) has issued warnings regarding the heightened threat level. The UK’s chief CyberSecurity watchdog urges businesses to bolster their cyber defences against an expected cyber attack campaign by Russian state-sponsored actors.

What are state-sponsored cyber threats?

State-sponsored cyber-threats are threats that are directly linked to a nation-state. Typically, they direct cyber attacks toward other countries’ businesses, governments or other critical infrastructure. The overarching goal is to further the interests of their nation while impeding those of other nations.

However, the immediate objective of a state-sponsored attack is usually to:

  • Identify and exploit national infrastructure vulnerabilities
  • Gather intelligence
  • Exploit systems, businesses and people for money

And small and medium-sized businesses are increasingly getting caught up in the crossfire around this.

Why are State-sponsored cyber attacks on the rise?

After a significant lull, tensions between various global powers have been rising for the last decade. Conventionally, this tension exists between the so-called superpowers of the West (consisting primarily of the U.S., Canada, UK, and Europe) and the East (consisting primarily of China, Russia, and North Korea).

At a global level, sanctions are increasingly used as a means of economic warfare while avoiding full-blown conflict. Sanctions pressure a nation’s economy and stifle legitimate cash flow in and out of the target country. This pushes governments to use cyber crime as a means to relieve some pressure and obtain an influx of foreign money.

The economic pressure applied by recent sanctions on Russia, in response to its war in Ukraine, is triggering a new wave of state-sponsored cybercrime targeting UK interests at all levels – government, business and society at large. Russian-backed cyber gangs are known to be targeting companies, government agencies and critical infrastructure. However, state-sponsored attacks are often indiscriminate, causing collateral damage to businesses up and down the supply chain.

And small and medium-sized businesses are not immune to the threat.

What does the current threat look like?

In a joint Cybersecurity Advisory, authorities warn that Russia’s invasion of Ukraine could expose businesses both within and beyond the region to increased malicious cyber activity. The threat not only comes from independent cybercrime gangs but also from government entities, such as:

  • The Russian Federal Security Service (FSB)
  • Russian Foreign Intelligence Service (SVR)
  • Russian General Staff Main Intelligence Directorate (GRU)
  • Russian Ministry of Defense

In particular, there has been a significant spike in ransomware and DDoS attacks in the aftermath of the invasion. These attacks are popular due to the relative ease and scale at which they can be deployed and their potential to disrupt business activities.

The mistake SMEs typically make is to believe that they are below the notice of nation-state actors. Unfortunately, many large-scale attacks are indiscriminate in their nature. Aside from targeting SMEs purely for financial gain, a successful breach of SMEs further down the supply chain can open the door to infiltrating government agencies or critical infrastructure.

This is essentially what happened during three of the most damaging international cyber security incidents of recent years at SolarWinds, Kaseya and NotPetya. These attacks affected thousands of businesses of all sizes worldwide, including in the UK.

What’s more, hackers know that SMEs typically don’t have advanced cybersecurity measures in place to prevent sophisticated attacks. In fact, 30% of UK businesses don’t have any cybersecurity strategy in place.

How to protect your business interests against state-sponsored cybercrime

Even before the recent invasion of Ukraine, the NCSC has updated its cybersecurity guidelines for UK businesses. This advice is now more relevant than ever for SMEs:

  • Ensure secure backups are in place: While the primary aim is financial gain, state-sponsored attacks are also aimed at causing disruption and collateral damage. For example, ransomware not only leads to data theft but, potentially, also the permanent loss of data. Even if the ransom is paid. Businesses can mitigate damage and minimize loss by routinely and securely backing up valuable data.
  • Update and patch: A significant number of hacking attempts target known vulnerabilities in old software or hardware systems. Vendors frequently release security patches and updates that address newly discovered vulnerabilities. Regularly updating your systems – together with regular security monitoring – is one of the most effective ways to eliminate potential entry points for attackers.
  • Enforce strong user authentication practices: Weak passwords and unsafe user login practices are a significant threat to a business’s security perimeter. In fact, human error plays a role in the majority of successful cyber attacks. Businesses need to implement secure Identity and Access Management (IAM) practices, such as single sign-on (SSO), strong passwords, multi-factor authentication (MFA), etc.
  • Implement an Incident Response (IR) and Disaster Recovery (DR) plan: The damage and loss suffered as a result of a cyber attack are inversely proportional to the speed and effectiveness of your response. A formal IR and DR plan ensures everyone understands how to respond to a suspected attack. Including roles, lines of communication and business disaster recovery
  • Cybersecurity training and education: Your employees are on the frontline of your cybersecurity defences. And, your business security is only as strong as its weakest link. Regularly updated security training will empower employees to be able to identify and respond to the latest cybersecurity threats.


Protecting an SME against state-sponsored cyber attacks is no easy task. An attack can come from any angle and involve sophisticated techniques that many SMEs simply don’t have the resources and expertise to deal with.

Not only does safeguarding your business require a thorough cyber security assessment, but an in-depth understanding of the current threat landscape and the most effective security solutions. And we have not even begun to delve into the regulatory and compliance requirements, particularly when working with sensitive consumer data or government contracts.

This is where leveraging the experience of a dedicated managed IT service provider can make all the difference. If we can help secure your business – do not hesitate to contact us for a no-obligation discussion around your needs.