The Impact Of Geopolitical Dynamics On The Evolving Cybersecurity Landscape

Uploaded on 2024-11-21 in INTELLIGENCE--International, FREE TO VIEW

Geopolitics, cyber-threats, and cybersecurity are strongly interconnected. This can result in geopolitical pressures in one part of the world having an unforeseen but very tangible impact on the cybersecurity of organisations in other continents.

To understand this, it is necessary to firstly understand how cyber facilitates the activities of nation states, criminal and terrorist groups, and single-issue groups; and secondly the impact of how these groups forge alliances and co-operate.

Let’s first address cyber as a facilitator. Cyber is an extension of the traditional ways that nation states project power and influence; criminal and terrorist groups conduct their activities; and single-issue groups undertake influence operations. However, cyber is also a force-multiplier as it enables an attack, a scam, or a message to reach far more targets than in pre-cyber and Internet times, but with little extra effort from the attacker.

Secondly, cyber reflects the formal and informal geopolitical alliances of the moment. So, the current political alignment of Russia, Iran, and North Korea is also manifested in the sharing of cyberattack weapons, and joint targeting. The complex relationships between nation states and organised crime and terrorist groups also has an impact on cyberattacks with some notionally criminal attackers such as the Russian Business Network seen to be focused on what appear to be politically motivated attacks on Ukraine and its allies.

Likewise, attacks on Israeli interests worldwide have come from a wide range of groups with a loose affiliation to Iran.

This complex environment is not all to the benefit of the attacker though. Firstly, threat actors aren’t all aligned with the same agenda. In fact, we’ve seen that they often actually have conflicting objectives. While nation-state actors follow their political doctrine of the moment, single-issue groups, despite targeting the same victims, may be seeking a very different outcome, and criminal groups will always be looking for the bottom-line return on investment. Overall, this can dilute their effectiveness. 

Supporting this view, this year globally significant events such as the US presidential election were seen as an opportunity for these actors to utilise cyber in support of their agenda. However, evidence suggests that the influence of cyber operations on both US and UK elections was less than analysts expected for several reasons.

Here’s my thinking.

In addition to the lack of real alignment between attackers, governments have significantly strengthened their defenses in recent years to minimize the number of cyberattack campaigns reaching their intended targets. Finally, there’s a growing lack of confidence and trust in the truth of ANY information published online.

While it’s often written that cyberattacks are increasing in frequency. In fact, the total number of ransomware attacks decreased by 7% from 2023 to 2024. In contrast, the ransom fees requested rose fivefold from $400,000 to almost $2,000,000 over the same period. 

These trends are in part because cybersecurity technology vendors’ defensive capabilities have increased costs for attackers.

As a result, the scattergun attacks against multiple targets that used to be common are much less effective. Furthermore, as defenders, including threat intelligence and threat hunting teams, have become more sophisticated, the low-sophistication scattergun attacks can increase the risk of them revealing their identity. In turn, threat actors have adapted their tactics by targeting more lucrative organisations. They now spend more time on research, reconnaissance, and designing stealthy attacks to evade being identified or caught red handed.

Despite this, the ultimate aim of financially motivated threat actors remains the same: to make the option of paying the ransom fee much easier for businesses than to recover their systems and data without paying.  

But while, arguably, a higher percentage of organizations that are hit are targeted specifically, it’s still often difficult for them to comprehend why they’ve been attacked. There can be a wide range of reasons for this. It might be that they operate in, or trade with, a particular country or region that is involved in an ongoing conflict or has enforced a trade embargo on another country. It could be because they’ve invested in fossil fuels, or it’s possibly something much more subtle. 

This is why it’s important for every organization to understand its threat profile, the likely threats facing its sector and its regions of operation, develop a defense and response plan that is proportionate to the threat posed, and review it regularly.

This can be challenging to do without support, and not all cybersecurity vendors understand enough of the geopolitical landscape to really enable an organization to produce a defense and response plan that is proportionate to the current threat.

I strongly suggest asking any cybersecurity vendor for their assessment of the risk to your organization and some analysis of what it means, before signing on the bottom line.

Bob Hayes is Chair of the Strategic Advisory Board at Quorum Cyber

Image: 

You Might Also Read:

What Can Be Done About Cyber Threat Actors Weaponizing AI?:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« The Industries Facing The Biggest Cyber Threats
Ireland Orders X, TikTok & Instagram To Cut Terrorist Content »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Rollbar

Rollbar

Rollbar is a full-stack error monitoring platform for web and mobile applications. We help developers find and fix bugs fast. Built by developers for developers.

Fortify Experts

Fortify Experts

Fortify Experts is a search and recruitment firm specializing in Cyber Security.

BetterCloud

BetterCloud

BetterCloud puts IT in control of the modern workplace through user lifecycle management, data discovery, and IT and security automation purpose-built for SaaS.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

Oak Ridge National Laboratory (ORNL)

Oak Ridge National Laboratory (ORNL)

ORNL conducts basic and applied research and development in key areas of science for energy, advanced materials, supercomputing and national security including cybersecurity.

LiveVault

LiveVault

LiveVault delivers fully automated, turnkey, backup over the Internet or a private network connection for uninterrupted remote data protection.

Brainloop

Brainloop

Brainloop's security architecture enables you to work on and distribute strictly confidential documents both within and beyond the firewall.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Cloud Box Technologies

Cloud Box Technologies

Cloud Box Technologies is one of the premier IT Infrastructure Solution providers in the Middle East.

Ascent Cyber

Ascent Cyber

Ascent Cyber provide simple and stress-free solutions to protect your business and its customers from the worries and costs of cybercrime.

International College For Security Studies (ICSS)

International College For Security Studies (ICSS)

ICSS India offers technical education to students, clients and partners in IT Industry by our well qualified, certified and experienced trainers.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.

Clango

Clango

Clango employs an identity-centric approach to optimizing your cybersecurity investment while minimizing risk.

12Port

12Port

12Port network security solutions help companies tackle modern cybersecurity threats cost-effectively while implementing zero-trust architectures.

CertX

CertX

CertX is a Swiss functional safety, cybersecurity and artificial intelligence certification body.