What global geopolitics means for your cybersecurity

Stark advice came earlier this year, as war loomed in Ukraine. The ACSC warned that “malicious cyber activity could impact Australian organisations,” who should “urgently adopt an enhanced cybersecurity posture”.

In New Zealand, the NCSC predicted “an increased potential for cyberattacks” with “serious impact, even for countries and organisations not directly targeted”.

This geopolitical risk isn’t just about one conflict, no matter how worrying it may be. State-sponsored attackers and social hacktivists are active even in times of peace, as countries jostle for advantage and cybercriminals eye up the opportunities that result. These attacks may fall most heavily upon governments, critical infrastructure and financial services, but their ripples reach everywhere. And, as these government warnings show, every organisation needs to up its game.

South Korea, India and Australia were early targets

The first verified state-sponsored cyberattacks took place in the 1990s. The 2000s saw an escalation, including distributed denial of service (DDoS) attacks on South Korea and the Chinese “Shadow Network” operation, which targeted India and the offices of the Dalai Lama. In 2010 it was Australia’s turn, with government websites targeted by the Anonymous group.

These early attacks gave a hint of cyberwar’s growing complexity:

1. Rather than being fully orchestrated by the military, attacks were more often partly-funded or facilitated, with any official involvement denied
2. Operations had a wide impact – Shadow Network might have focused on India, but the hackers’ caused damage far and wide, affecting computers across Asia, Europe, Africa and the Americas
3. Not all the perpetrators were nation-states hoping to disrupt their rivals – the Anonymous collective’s attack on Australia came in response to proposed laws censoring online content

Geopolitical cyber operations became more widespread during the 2010s, with Sri Lanka, Iran and Canada among the many nations that suffered high-profile cyber assaults.

The ‘cyberisation’ of geopolitics has created a new threat landscape

Today, cyber warfare and its fallout affects not just every country, but every person with an online presence. Increasingly, criminal gangs and nation states are no longer just attacking single organisations. Instead, they’re using vulnerabilities to hack into multiple networks.

Last year saw two seismic attacks that spread fast. The Solar Winds hack quickly spread from a US software company to numerous clients around the planet. The Microsoft Exchange hack, meanwhile, gave attackers access to emails and passwords, plus admin privileges, on 250,000 servers around the world. Australia joined other governments in singling out China’s Ministry of State Security, adding that the cyberattack “undermined international stability and security by opening the door to a range of other actors, including cybercriminals”.

Risks are proliferating further

These attacks are hitting closer to home. Some, such as the attack on the WA Parliament, have been directly linked to nation states. Others, including the CS Energy and Frontier Software beaches, have been claimed by ransomware gangs that are tolerated by their home country – in this case the St Petersburg-based Conti group. The gang operate with the apparent blessing of the Russian state, who may not be under attack themselves, but could benefit from their rivals’ misfortune.

Conflict also brings new opportunities for scammers, who have exploited the war in Ukraine for personal gain. The employment of hackers-for-hire and ransomware as a service (RaaS) will only encourage the expansion of this dark economy.

Single or isolated attacks, while damaging, aren’t the real issue here. The real problem is how interconnected our global data-driven world has become. Even a single attack can compromise vast swathes of interconnected networks. If a government agency using Microsoft infrastructure was hacked, for example, that hack could spread to any organisation, anywhere in the world, that happens to use the same Microsoft technology. That means your organisation could be impacted, even if you weren’t the intended target.

Measures to mitigate increased risk

Governments have responsibility to disrupt state-sponsored cyberattacks, and are taking action against the ransomware plague. But as hackers grow more sophisticated and innovations such as the Internet of Things (IoT) increase the attack surface, organisations must be prepared. Key measures include:

1. Ensuring incident response plans are up to date
2. Undertaking regular backups
3. Building intelligent, business-specific threat insights
4. Making sure your monitoring is scaled, continuous and cost effective
5. Ensuring systems and hardware are running the latest software, with prompt patching
6. Following alerts from the ACSC, NCSC and other key bodies

Ransomware is a major part of this new reality and there are specific measures to combat it. But it’s also worth looking at your cybersecurity posture in general terms. News of geopolitical events may be the trigger your board needs to re-examine department spending. Complying with frameworks such as the Essential Eight can offer useful benchmarks for any organisation seeking to build cyber resilience. Risk-based models can put a dollar value on specific threats, while zero-trust measures can help keep data safe even if you are breached.

The changing geopolitical threat environment and you

Attacks prompted by geopolitics are becoming more widespread and the potential damage is becoming more deadly. Governments, infrastructure and banks are obvious targets, but hackers don’t discriminate: any organisation is at risk. But with a strong cybersecurity strategy and an ear to the ground for incoming threats, you’ll have an excellent chance of weathering the storms to come.