Geopolitical Cyber Warfare

The current geopolitical events, together with the exponential increase in ransomware and other fraud, mean the risk for businesses has never been higher.

Etienne Greeff

Jun 08, 2022

As a security practitioner with a particular interest in the geopolitical aspects of cybersecurity, it is somewhat difficult for me to comment on the cyber aspects of the military conflict in Ukraine. The war is a desperate situation with huge losses on both sides. It does behove me as a professional to give our customers advice on how to respond to these momentous events as they impact every single one of us. 

In the day-to-day running of any business, we are always balancing three things: the risks originating from state actors using cyber to project power; the structural forces affecting our businesses, which include the threats relating to how we put together our IT systems; and rapid technology change. Generally, we attempt to observe geopolitical forces and structural factors so we can orient ourselves to deal with their impact. We attempt to control and react to the rapid changes of technology within our organisations as we embrace new ways of working, accelerated by the pandemic.

When major geopolitical changes happen, as they have over the past weeks, the importance of geopolitically driven threats increases.

One of the consequences of using the Internet is that it is a shared medium and all of us are often unwitting participants in situations of war.

In the case of the Russian invasion of Ukraine all businesses which rely on the Internet became unwitting participants in the conflict. 

We have seen Western companies like Microsoft and Fortinet enter the fray: Microsoft to share intelligence to disrupt a large-scale malware attack targeting Ukraine, and Fortinet to stop a large-scale distributed denial of service attack. We have also learned that the US Army’s Cyber Command has worked with private companies to disable some malware which was designed to wipe computer systems within the Ukrainian train service, prior to the Russian invasion. Had this malware still been present during the invasion, it could have prevented the mass evacuation of civilians.

The reality is that every single organisation should consider itself a participant in the conflict. When state-sponsored actors attack, the odds are stacked against any resource-constrained organisation.

It is important to plan for the worst and balance spending across assessing your weaknesses, detecting attacks, deploying technology to protect your environments, and ensuring you have an incident response plan in place to recover from an attack.

It is also true that even state-sponsored adversaries will exploit structural factors within businesses!

Our recommendations would be: 

  1. Embed security into your digital transformation initiatives
    • Think security ‘of’ the cloud versus security ‘in’ the cloud
      • Consider Cloud Security Posture Management services 
      • Review the security of applications within the cloud 
  2. Even state actors use legacy techniques – be aware of common themes such as:
    • Spear Phishing is the most common infection vector 
    • Known vulnerabilities are exploited 
    • Supply side attacks – Do your suppliers practice what they preach? 
  3. Simulate a determined threat actor – penetration testing
    • Use a CREST accredited firm knowing they use best practices 
    • Be aware of poor-quality penetration testing that is fundamentally just a vulnerability scan with commentary 
  4. Plan for the worst by balancing spending across these areas:
    • Assessing Risk
    • Detecting attacks
    • Protecting your assets
    • Responding to attacks
    • Recovering from attacks
