The Impact Of Geopolitical Dynamics On The Evolving Cybersecurity Landscape

Geopolitics, cyber-threats, and cybersecurity are strongly interconnected. This can result in geopolitical pressures in one part of the world having an unforeseen but very tangible impact on the cybersecurity of organisations on other continents.

To understand this, it is necessary to firstly understand how cyber facilitates the activities of nation states, criminal and terrorist groups, and single-issue groups; and secondly the impact of how these groups forge alliances and co-operate.

Let’s first address cyber as a facilitator. Cyber is an extension of the traditional ways that nation states project power and influence; criminal and terrorist groups conduct their activities; and single-issue groups undertake influence operations. However, cyber is also a force-multiplier as it enables an attack, a scam, or a message to reach far more targets than in pre-cyber and Internet times, but with little extra effort from the attacker.

Secondly, cyber reflects the formal and informal geopolitical alliances of the moment. So, the current political alignment of Russia, Iran, and North Korea is also manifested in the sharing of cyberattack weapons and in joint targeting. The complex relationships between nation states and organised crime and terrorist groups also have an impact on cyberattacks, with some notionally criminal attackers, such as the Russian Business Network, seen to be focused on what appear to be politically motivated attacks on Ukraine and its allies.

Likewise, attacks on Israeli interests worldwide have come from a wide range of groups with a loose affiliation to Iran.

This complex environment is not all to the benefit of the attacker though. Firstly, threat actors aren’t all aligned with the same agenda. In fact, we’ve seen that they often actually have conflicting objectives. While nation-state actors follow their political doctrine of the moment, single-issue groups, despite targeting the same victims, may be seeking a very different outcome, and criminal groups will always be looking for the bottom-line return on investment. Overall, this can dilute their effectiveness. 

Supporting this view, this year globally significant events such as the US presidential election were seen as an opportunity for these actors to utilise cyber in support of their agenda. However, evidence suggests that the influence of cyber operations on both US and UK elections was less than analysts expected for several reasons.

Here’s my thinking.

In addition to the lack of real alignment between attackers, governments have significantly strengthened their defenses in recent years to minimize the number of cyberattack campaigns reaching their intended targets. Finally, there’s a growing lack of confidence and trust in the truth of ANY information published online.

While it’s often written that cyberattacks are increasing in frequency, the total number of ransomware attacks in fact decreased by 7% from 2023 to 2024. In contrast, the ransom fees requested rose fivefold from $400,000 to almost $2,000,000 over the same period.

These trends are in part because cybersecurity technology vendors’ defensive capabilities have increased costs for attackers.

As a result, the scattergun attacks against multiple targets that used to be common are much less effective. Furthermore, as defenders, including threat intelligence and threat hunting teams, have become more sophisticated, low-sophistication scattergun attacks can increase the risk of attackers revealing their identity. In turn, threat actors have adapted their tactics by targeting more lucrative organisations. They now spend more time on research, reconnaissance, and designing stealthy attacks to evade being identified or caught red-handed.

Despite this, the ultimate aim of financially motivated threat actors remains the same: to make the option of paying the ransom fee much easier for businesses than to recover their systems and data without paying.  

But while, arguably, a higher percentage of organizations that are hit are targeted specifically, it’s still often difficult for them to comprehend why they’ve been attacked. There can be a wide range of reasons for this. It might be that they operate in, or trade with, a particular country or region that is involved in an ongoing conflict or has enforced a trade embargo on another country. It could be because they’ve invested in fossil fuels, or it’s possibly something much more subtle. 

This is why it’s important for every organization to understand its threat profile and the likely threats facing its sector and its regions of operation, to develop a defense and response plan that is proportionate to the threat posed, and to review it regularly.

This can be challenging to do without support, and not all cybersecurity vendors understand enough of the geopolitical landscape to really enable an organization to produce a defense and response plan that is proportionate to the current threat.

I strongly suggest asking any cybersecurity vendor for their assessment of the risk to your organization and some analysis of what it means, before signing on the bottom line.

Bob Hayes is Chair of the Strategic Advisory Board at Quorum Cyber
