Quorum Cyber has recently unveiled its Global Cyber Risk Outlook Report 2025, shedding light on the evolving landscape of nation-state cyber activities, particularly those originating from China. The report predicts a surge in China’s cyber espionage operations in 2025, targeting Western critical national infrastructure (CNI), intellectual property, and sensitive corporate data. It also underscores the utilization of AI-powered cyber capabilities by state-sponsored Chinese threat actors and others to conduct sophisticated campaigns and avoid detection more effectively.
The alleged involvement of China in data theft through services like DeepSeek has raised significant concerns among cybersecurity leaders. DeepSeek’s privacy policies reportedly permit the storage of user data on servers in China, potentially making it accessible to the Chinese government under local cybersecurity laws. Moreover, research has revealed that DeepSeek incorporates technology capable of transmitting user data to China Mobile, a state-owned entity, intensifying worries about surveillance and data exploitation. These risks have prompted US government entities to swiftly prohibit their personnel from using DeepSeek due to security apprehensions regarding data interception, including keystrokes and IP addresses. This development serves as a stark reminder for chief information security officers (CISOs) of the threats posed by foreign adversaries.
To combat the risks posed by nation-state cyber threats, security leaders must adopt a strategic, multi-layered approach. Here are some key actionable steps that CISOs and security leaders should consider:
1. **Adopt a zero-trust Security Model**: Implementing a zero-trust approach involves verifying every request for access, whether internal or external, through strong authentication like multi-factor authentication (MFA) and enforcing privileged access through tactics such as just-in-time (JIT) and just-enough-access (JEA).
2. **Strengthen supply chain security**: Conduct rigorous third-party risk assessments, implement contractual security obligations for vendors, and continuously monitor supplier network connections for suspicious activity.
3. **Enhance threat intelligence, monitoring, and response**: Maintain cyber threat intelligence (CTI) services, conduct ongoing vulnerability detection and mitigation activities, and leverage automation, including emerging artificial intelligence (AI) services, to streamline cybersecurity processes.
4. **AI and data governance practices**: Define policies and controls for secure AI and data use, monitor third-party AI tools for compliance, and deploy strong AI and data protection controls to prevent unauthorized data exfiltration or manipulation.
5. **Educate end-users on AI risks**: Conduct regular security awareness training for employees on AI tools’ risks, establish guidelines on their appropriate use, and implement policies to prevent sharing sensitive data into public AI models.
7. **Test and improve incident response readiness**: Conduct tabletop exercises, run red team/blue team exercises, and establish clear escalation protocols and contact lists in case of detected espionage attempts.
In navigating the era of AI-augmented cyber threats, CISOs and security leaders must leverage strategic frameworks, advanced security tools, and operationalized processes to counter nation-state industrial espionage effectively. By proactively addressing emerging risks, organizations can enhance the resilience of their operations in an increasingly hostile digital landscape.
*Andrew Hodges, Vice President of Product and Technology at Quorum Cyber.*
