The Impact Of Geopolitical Dynamics On The Evolving Cybersecurity Landscape

Uploaded on 2024-11-21 in INTELLIGENCE--International, FREE TO VIEW

Geopolitics, cyber-threats, and cybersecurity are strongly interconnected. This can result in geopolitical pressures in one part of the world having an unforeseen but very tangible impact on the cybersecurity of organisations in other continents.

To understand this, it is necessary to firstly understand how cyber facilitates the activities of nation states, criminal and terrorist groups, and single-issue groups; and secondly the impact of how these groups forge alliances and co-operate.

Let’s first address cyber as a facilitator. Cyber is an extension of the traditional ways that nation states project power and influence; criminal and terrorist groups conduct their activities; and single-issue groups undertake influence operations. However, cyber is also a force-multiplier as it enables an attack, a scam, or a message to reach far more targets than in pre-cyber and Internet times, but with little extra effort from the attacker.

Secondly, cyber reflects the formal and informal geopolitical alliances of the moment. So, the current political alignment of Russia, Iran, and North Korea is also manifested in the sharing of cyberattack weapons, and joint targeting. The complex relationships between nation states and organised crime and terrorist groups also has an impact on cyberattacks with some notionally criminal attackers such as the Russian Business Network seen to be focused on what appear to be politically motivated attacks on Ukraine and its allies.

Likewise, attacks on Israeli interests worldwide have come from a wide range of groups with a loose affiliation to Iran.

This complex environment is not all to the benefit of the attacker though. Firstly, threat actors aren’t all aligned with the same agenda. In fact, we’ve seen that they often actually have conflicting objectives. While nation-state actors follow their political doctrine of the moment, single-issue groups, despite targeting the same victims, may be seeking a very different outcome, and criminal groups will always be looking for the bottom-line return on investment. Overall, this can dilute their effectiveness.

Supporting this view, this year globally significant events such as the US presidential election were seen as an opportunity for these actors to utilise cyber in support of their agenda. However, evidence suggests that the influence of cyber operations on both US and UK elections was less than analysts expected for several reasons.

Here’s my thinking.

In addition to the lack of real alignment between attackers, governments have significantly strengthened their defenses in recent years to minimize the number of cyberattack campaigns reaching their intended targets. Finally, there’s a growing lack of confidence and trust in the truth of ANY information published online.

While it’s often written that cyberattacks are increasing in frequency. In fact, the total number of ransomware attacks decreased by 7% from 2023 to 2024. In contrast, the ransom fees requested rose fivefold from $400,000 to almost $2,000,000 over the same period.

These trends are in part because cybersecurity technology vendors’ defensive capabilities have increased costs for attackers.

As a result, the scattergun attacks against multiple targets that used to be common are much less effective. Furthermore, as defenders, including threat intelligence and threat hunting teams, have become more sophisticated, the low-sophistication scattergun attacks can increase the risk of them revealing their identity. In turn, threat actors have adapted their tactics by targeting more lucrative organisations. They now spend more time on research, reconnaissance, and designing stealthy attacks to evade being identified or caught red handed.

Despite this, the ultimate aim of financially motivated threat actors remains the same: to make the option of paying the ransom fee much easier for businesses than to recover their systems and data without paying.

But while, arguably, a higher percentage of organizations that are hit are targeted specifically, it’s still often difficult for them to comprehend why they’ve been attacked. There can be a wide range of reasons for this. It might be that they operate in, or trade with, a particular country or region that is involved in an ongoing conflict or has enforced a trade embargo on another country. It could be because they’ve invested in fossil fuels, or it’s possibly something much more subtle.

This is why it’s important for every organization to understand its threat profile, the likely threats facing its sector and its regions of operation, develop a defense and response plan that is proportionate to the threat posed, and review it regularly.

This can be challenging to do without support, and not all cybersecurity vendors understand enough of the geopolitical landscape to really enable an organization to produce a defense and response plan that is proportionate to the current threat.

I strongly suggest asking any cybersecurity vendor for their assessment of the risk to your organization and some analysis of what it means, before signing on the bottom line.

Bob Hayes is Chair of the Strategic Advisory Board at Quorum Cyber

Image:

You Might Also Read:

What Can Be Done About Cyber Threat Actors Weaponizing AI?:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.