From Equifax to the SEC: Who is behind massive cyberattacks?

A recent string of high-profile cyberattacks has revealed not only vulnerabilities within U.S. companies and federal agencies but also an increasingly intricate and complex set of planned attacks, indicating there could be state-sponsors behind them, one cybersecurity expert said.

“The scale you’re seeing some of these attacks and you’re not necessarily [seeing the information used right away] … they probably have nation-state sponsorships,” Joshua Douglas, Raytheon's chief strategy officer of cyber services, told FOX Business. “That could be direct nation-state activity or a group that is funded or supported [by a nation-state].”

Douglas said the complexity and length of the attacks on the U.S. Securities and Exchange Commission, credit reporting agency Equifax (NYSE:EFX) and global accounting firm Deloitte, indicated patience and planning. Additionally, several entities within the same marketplace were targeted, allowing thieves to access a trove of data points that can be correlated back to singular individuals or companies.

“It provides a level of data that allows you to either create more sophisticated attacks … or just gain information about people’s habits,” Douglas added.

When it comes to protection, Douglas said there are a number of credit monitoring services individuals can enroll in to keep a closer eye on sensitive information.

However, where companies are concerned, he said they need to focus their attention inwards instead of focusing on building a hard outer shell.

“I think most companies are focused on the outside very heavily, which is good, you don’t want to discount that … but I think that we fail to realize that once an outsider makes it in, that you don’t have that second tier or third tier of support and security to protect the most important assets,” Douglas pointed out.

Since different countries have varying levels of punishment for cybercrimes and in some regions, the punishment may not be harsh enough to deter criminals from initiating a breach in the first place, the U.S. needs to focus on its own security and infrastructure, Douglas said.

While Equifax CEO Richard Smith retired on Tuesday, he is scheduled to appear before Congress next week. SEC chair Jay Clayton testified before the Senate Banking Committee on Tuesday, where he divulged little new information about the attack on the federal agency.