The Impact Of Geopolitical Dynamics On The Evolving Cybersecurity Landscape

Geopolitics, cyber-threats, and cybersecurity are strongly interconnected. This can result in geopolitical pressures in one part of the world having an unforeseen but very tangible impact on the cybersecurity of organisations in other continents.

To understand this, it is necessary to firstly understand how cyber facilitates the activities of nation states, criminal and terrorist groups, and single-issue groups; and secondly the impact of how these groups forge alliances and co-operate.

Let’s first address cyber as a facilitator. Cyber is an extension of the traditional ways that nation states project power and influence; criminal and terrorist groups conduct their activities; and single-issue groups undertake influence operations. However, cyber is also a force-multiplier as it enables an attack, a scam, or a message to reach far more targets than in pre-cyber and Internet times, but with little extra effort from the attacker.

Secondly, cyber reflects the formal and informal geopolitical alliances of the moment. So, the current political alignment of Russia, Iran, and North Korea is also manifested in the sharing of cyberattack weapons, and joint targeting. The complex relationships between nation states and organised crime and terrorist groups also has an impact on cyberattacks with some notionally criminal attackers such as the Russian Business Network seen to be focused on what appear to be politically motivated attacks on Ukraine and its allies.

Likewise, attacks on Israeli interests worldwide have come from a wide range of groups with a loose affiliation to Iran.

This complex environment is not all to the benefit of the attacker though. Firstly, threat actors aren’t all aligned with the same agenda. In fact, we’ve seen that they often actually have conflicting objectives. While nation-state actors follow their political doctrine of the moment, single-issue groups, despite targeting the same victims, may be seeking a very different outcome, and criminal groups will always be looking for the bottom-line return on investment. Overall, this can dilute their effectiveness. 

Supporting this view, this year globally significant events such as the US presidential election were seen as an opportunity for these actors to utilise cyber in support of their agenda. However, evidence suggests that the influence of cyber operations on both US and UK elections was less than analysts expected for several reasons.

Here’s my thinking.

In addition to the lack of real alignment between attackers, governments have significantly strengthened their defenses in recent years to minimize the number of cyberattack campaigns reaching their intended targets. Finally, there’s a growing lack of confidence and trust in the truth of ANY information published online.

While it’s often written that cyberattacks are increasing in frequency. In fact, the total number of ransomware attacks decreased by 7% from 2023 to 2024. In contrast, the ransom fees requested rose fivefold from $400,000 to almost $2,000,000 over the same period. 

These trends are in part because cybersecurity technology vendors’ defensive capabilities have increased costs for attackers.

As a result, the scattergun attacks against multiple targets that used to be common are much less effective. Furthermore, as defenders, including threat intelligence and threat hunting teams, have become more sophisticated, the low-sophistication scattergun attacks can increase the risk of them revealing their identity. In turn, threat actors have adapted their tactics by targeting more lucrative organisations. They now spend more time on research, reconnaissance, and designing stealthy attacks to evade being identified or caught red handed.

Despite this, the ultimate aim of financially motivated threat actors remains the same: to make the option of paying the ransom fee much easier for businesses than to recover their systems and data without paying.  

But while, arguably, a higher percentage of organizations that are hit are targeted specifically, it’s still often difficult for them to comprehend why they’ve been attacked. There can be a wide range of reasons for this. It might be that they operate in, or trade with, a particular country or region that is involved in an ongoing conflict or has enforced a trade embargo on another country. It could be because they’ve invested in fossil fuels, or it’s possibly something much more subtle. 

This is why it’s important for every organization to understand its threat profile, the likely threats facing its sector and its regions of operation, develop a defense and response plan that is proportionate to the threat posed, and review it regularly.

This can be challenging to do without support, and not all cybersecurity vendors understand enough of the geopolitical landscape to really enable an organization to produce a defense and response plan that is proportionate to the current threat.

I strongly suggest asking any cybersecurity vendor for their assessment of the risk to your organization and some analysis of what it means, before signing on the bottom line.

Bob Hayes is Chair of the Strategic Advisory Board at Quorum Cyber

Image: 

You Might Also Read:

What Can Be Done About Cyber Threat Actors Weaponizing AI?:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

 

« The Industries Facing The Biggest Cyber Threats
Ireland Orders X, TikTok & Instagram To Cut Terrorist Content »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

KPN Security

KPN Security

KPN Security is the largest and most complete provider of IT security services in the Netherlands.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

Platin Bilişim

Platin Bilişim

Platin Bilisim is an IT Security company providing consultancy, solutions and operational support services.

TeskaLabs

TeskaLabs

TeskaLabs is a software vendor of cybersecurity and data privacy products.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group, Ltd. (STIGroup) is an innovative firm that provides CyberSecurity consulting, secure IT engineering, managed security services, and human capital solutions.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Fernao Group

Fernao Group

Fernao offer you all solutions from a single source - from cyber security, business resilience and digital infrastructure to cloud technologies and pentesting.