How Geopolitics Affects Cybersecurity

Rampant cyber warfare means the risk of global collateral damage is very real

David Braue

Melbourne, Australia – Jan. 19, 2023

News cameras may have focused on the kinetic war triggered by Russia’s invasion of Ukraine nearly a year ago, but cybersecurity analysts had other concerns — namely, that the inevitable escalation of cyber attacks could spill out into the broader world.

It had happened before, most famously when 2017’s NotPetya — attributed to cyber attackers within Russia’s GRU military intelligence organization who were ultimately charged by U.S. authorities — was aimed at Ukrainian targets but quickly wreaked havoc in every corner of the globe.

NotPetya’s victims were still feeling the sting of the attack as Russian missiles began raining down on Ukrainian cities and villages in Feb. 2022 — which, EY partner Neal Pollard told Cybercrime Magazine, immediately spawned concerns that the resultant cyber war could once again turn into a costly global cyber disaster.

“There’s been talk for a long time about cyber being another battle space… and there’s an expectation that as countries go to war, that cyber will be part of that conflict,” he explained.

“There was concern that this time [a repeat of NotPetya] is exactly what would happen,” he continued, noting a 2021 World Economic Forum estimate that, by the end of 2022, digitalization would underscore 60 percent of global GDP — subsequently revised upwards to 70 percent over the coming decade.

Growing recognition of the risks of such exposure — another poorly contained malware outbreak could be catastrophic in today’s ever-more-connected world — has increased awareness that cyber represents a fundamental threat for today’s business.

For Pollard — a former law professor, terrorism researcher, geopolitical think tank leader, board member of the Cyber Conflict Studies Association, CISO with financial-services giant UBS, and current Columbia University adjunct professor in cybersecurity and business risk — the potential repercussions of cyber warfare are enough to keep every CISO awake at night.

Although defensive strategies have improved in recent years with the widespread adoption of threat intelligence sharing and “a spike in awareness,” Pollard said, “it can always get better.”

“With the creation of cyber threat intelligence as a discipline, larger corporate programs have cyber threat intelligence programs so that engineers understand that you’re not fighting robots; you’re fighting criminals — humans behind keyboards. And that should help inform your defenses.”

The urgency to bolster those defenses is increasing, Conceal CEO Gordon Lawson notes, amidst increasing Russian desperation as the protracted invasion nears its one-year anniversary with little to show for it — beyond, of course, massive casualties and the wanton destruction of Ukraine’s critical social and operational infrastructure.

“Russia has not executed on the battlefield,” explained Lawson, a former defense contractor whose experiences drove him to become a serial cybersecurity innovator. “They have not performed well in the kinetic war, but between the FSB and GRU what they can do in the cyber realm extends their capabilities — and incites fear into not just Ukraine, but also other NATO countries.”

The looming specter of cyber attack “is not going away,” he continued, “but is going to get more intense — and the [attack] vectors are going to get more and more sophisticated as well…. Private companies within those countries, who are in the crosshairs, need to continue to make their defenses more robust.”

Building the resistance, from the ground up

Just how that robustness is achieved, however, depends on the company in question — and the strategies that CISOs adopt to drive both better security technology and more broadly accepted processes.

Phrasing the issues in the right way can make all the difference, Pollard said, crediting Cybersecurity & Infrastructure Security Agency (CISA) Director Jen Easterly with fostering that agency’s ‘Shields Up’ campaign early on after the Ukraine invasion.

By seizing upon a widely understood pop-culture meme, Pollard explained, “it was a great concept and an issuance to companies worldwide that because of the conflict, [CISA] anticipate a change in threat — and because of the change in threat, these are the steps that your security program needs to take.”

Easterly — a cybersecurity pioneer who had previously been honored with Cybercrime Magazine’s 2021 Cybersecurity Person of the Year award — followed up with direct outreach to business-focused organizations like the National Association of Corporate Directors and Corporate Executive Board, which have been increasingly engaged with their memberships through best-practice guides and other outreach to convey the urgency of the situation.

“Awareness of the threat has not only gotten better,” said Pollard, “but it has gotten better at much more senior levels that are well beyond the CISO.”

Effective messaging will be even more important this year, as businesses wrestle with budget and staffing issues that may force some hard decisions about where resources are best allocated.

“It goes back to resourcing,” Lawson said, flagging the wide gulf between “very robust cybersecurity budget[s]” at firms like UBS and the under-resourced local schools that continue to be attacked by ransomware gangs and other criminals on a regular basis.

“As a community, we need to get more efficient and offer better value to those smaller organizations,” he continued, “and really give them capabilities where they can withstand these nation-state/criminal attacks against the most common vectors…. We need to continue to be very vigilant.”

As became patently clear over the past year, that vigilance means CISOs must continue to stay actively involved with an increasingly problematic geopolitical context in which networking and peer outreach are proving particularly valuable in shaping their own cybersecurity responses.

That may well mean engaging with expert-led organizations like the Council on Foreign Relations — of which Pollard remains an active member — to monitor peers’ experiences and maintain a more global perspective on current cyber risks.

“It’s people talking to people, who either have a common set of problems or an interesting view that they can add to the conversation,” Pollard explained. “It’s a means of staying engaged, which I think is absolutely critical when it comes to how geopolitics affects cybersecurity.”

“It provides a CISO with a vernacular and tools to execute one of the CISO’s most important jobs,” he continued, “which is explaining what this means to people who don’t know a lot about cybersecurity — and it really helps a CISO understand ‘how is geopolitics going to change my day tomorrow?’”

David Braue is an award-winning technology writer based in Melbourne, Australia.

About Conceal

Conceal provides a capability that protects people and critical assets against the most advanced threat actors in the world. We are fundamentally changing the approach to cybersecurity by creating a platform where security practitioners can see the latest threat vectors and implement enterprise-wide solutions that comprehensively protect their organization.

With our Conceal platform, we take those core capabilities and evolve them into a commercially available product that incorporates intelligence-grade, Zero Trust technology to protect global companies — of all sizes — from malware and ransomware.

Conceal is leading the fight to protect enterprises from cyber threats — if there is malware, we detect, defend and isolate it from users and the network.