Geopolitical shifts, and how they affect your cyber security needs

By Emily Davidson

10 November 2023

It's easy to argue that global politics are in a volatile state, to say the least. In the last few years alone we've seen numerous trade disputes, cracks in relationships, and the start of major conflicts - which show no signs of slowing down.

With the West and China locked in a seemingly endless battle to dominate global trade, the ongoing war in Ukraine, and more recently the crisis in Israel and Gaza, there is no shortage of global challenges and economic shocks.

The UK positions itself as a world leader and frequently gets involved in geopolitical events, placing a big target on its back for unfriendly governments. And as the world has become increasingly digitalised, it has opened up a new frontier in which to conduct under-the-table warfare: the digital realm.

Why do geopolitical events change security needs?

Businesses already face vast, and growing, numbers of cyber threats on a day-to-day basis. The majority of these threat actors come from foreign countries, and leverage advanced tools, skills, and persistence in order to break into your organisation's networks and cause as much disruption as possible - with the ultimate goal of extorting a significant financial sum from their victims.

Any shift in political alliances, territorial disputes, and diplomatic tensions can serve as a catalyst for increased cyber threats and attacks - particularly when an involved nation is an unfriendly one. Geopolitical tensions typically result in three key strategic needs for involved parties: the need for intelligence, the need to assert authority, and the need to complete strategic objectives such as financing. All three of these can be directly achieved to varying degrees through the use of cyber crime.

The role of state-sponsored hackers

Simply put, state-sponsored hacking groups can cause complete chaos, and with access to near-bottomless levels of government funding they can put their advanced skills and technology to political use, forwarding the strategic aims of their sponsors by infiltrating and disrupting national infrastructure, government systems, and private businesses. Only recently, in April 2023, UK Cabinet Office ministers warned that Russia-aligned hackers were seeking to "disrupt and destroy" British critical infrastructure. The National Cyber Security Centre further warned that UK infrastructure is currently not doing enough to protect itself from cyber threats.

Alongside the usual financial motivation, the majority of state-sponsored threat actors are ideologically motivated, and quite often furthering their own personal goals - making them highly persistent. Their tactics will largely stay the same - surveying for weaknesses, exploiting a vulnerability (whether internal, external, or human), and beginning the breach.

As an example of one of the largest state-sponsored cyber attacks of all time, in early 2016 the Bangladesh national bank was targeted by the North Korea-backed Lazarus Group. After breaking into the bank's systems with custom-built malware configured for attacks on a specific bank, the hackers were able to send four fake payment instructions that tricked the US Federal Bank into paying out over US$81 million, and it could have been even more, $1 billion to be exact, if not for a stroke of luck. The hackers' approach was described as "masterly in its foresight and complexity", taking "a huge amount of skill to understand the target systems and to be able to subvert them the way they did".

What can you do to stay protected?

What's clear is that state-sponsored hacking groups are a genuine, serious threat to your organisation. What isn't always clear is how you can stop them from making your business their next victim.

The Lazarus heist on the Bangladesh Bank used an incredibly advanced, custom-built, bespoke piece of malware. While it's fair to say that this isn't a particularly common approach, all threat actors - both government-backed and independent - leverage their own advanced technologies to target your business.

The only way to protect your business and its critical assets is through a comprehensive cyber security strategy. This means that all areas of your IT ecosystem are protected with advanced technology of your own.

You should always have a Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) solution in place. EDR solutions guard all of your individual endpoints, monitoring for malicious activity and notifying your security teams if necessary; they also allow you to isolate infected systems from the rest of your network, preventing lateral spread and escalation of a cyber attack. Your SIEM solution should scan your network as a whole, and leverage AI and automation, such as machine learning, for advanced threat detection capabilities - including the ability to spot even the most novel of threats.

Attack Surface Management is vital for making sure that your business is protected from all external, internal, and human threats to its ecosystem. Regularly scanning and reviewing your security strategy in order to identify weaknesses and vulnerabilities is a powerful way to reinforce your posture. From an unpatched piece of software to an employee vulnerable to phishing, Attack Surface Management ensures that there are no holes in your fence.

Finally, an Incident Response plan is absolutely crucial so that when the time comes that your security teams are faced with a cyber incident, they are able to act in a swift and, importantly, controlled manner. Minimising the amount of time that hackers have access to your network is pivotal in minimising the damage from a breach.

Speak to a member of the Celerity team

Celerity offers a range of Managed Cyber Security Services, taking the pressure off your in-house teams and ensuring that every corner of your business’ IT ecosystem is protected.

If you’re experiencing challenges with managing your security resource in-house, then speak to a member of the Celerity team today to learn how our Security portfolio can help to reinforce your cyber defences.
