Geopolitical Cyber Warfare

Written by Etienne Greeff | Jun 8, 2022 4:10:54 PM

As a security practitioner with a particular interest in the geopolitical aspects of cybersecurity, I find it somewhat difficult to comment on the cyber aspects of the military conflict in Ukraine. The war is a desperate situation with huge losses on both sides. It does, however, behove me as a professional to give our customers advice on how to respond to these momentous events, as they impact every single one of us.

In the day-to-day running of any business we are always balancing three kinds of risk: state actors using cyber operations to project power; the structural forces affecting our businesses, including the threats that arise from how we put together our IT systems; and, lastly, the pace of technology change. Generally, we attempt to observe the geopolitical forces and structural factors so that we can orient ourselves to deal with their impact, while we attempt to control and react to the rapid changes in technology within our organisations as we embrace new ways of working, accelerated by the pandemic.

When major geopolitical changes happen, as they have over the past weeks, the weight of geopolitically driven threats increases relative to the other factors.

One of the consequences of using the Internet is that it is a shared medium and all of us are often unwitting participants in situations of war.

In the case of the Russian invasion of Ukraine all businesses which rely on the Internet became unwitting participants in the conflict. 

We have seen Western companies like Microsoft and Fortinet enter the fray: Microsoft by sharing intelligence to disrupt a large-scale malware attack targeting Ukraine, and Fortinet by stopping a large-scale distributed denial of service attack. We have also learned that the US Army's Cyber Command worked with private companies to disable malware designed to wipe computer systems within the Ukrainian train service prior to the Russian invasion. Had this malware still been present during the invasion, it could have prevented the mass evacuation of civilians.

The reality is that every single organisation should consider itself a participant in the conflict. When state-sponsored actors attack, the odds are stacked against any resource-constrained organisation.

It is important to plan for the worst and to balance spending across three areas: the ability to assess your weaknesses and detect attacks, deploying technology to protect your environments, and ensuring you have an incident response plan in place so that you can recover from an attack.

It is also true that even state-sponsored adversaries will exploit structural weaknesses within a business!


Our recommendations would be: 

  1. Embed security into your digital transformation initiatives
    • Think security ‘of’ the cloud versus security ‘in’ the cloud
      • Consider Cloud Security Posture Management services 
      • Review the security of applications within the cloud 
  2. Even state actors use legacy techniques – be aware of common themes such as:
    • Spear phishing is the most common infection vector
    • Known vulnerabilities are exploited
    • Supply-chain attacks – do your suppliers practise what they preach?
  3. Simulate a determined threat actor – penetration testing
    • Use a CREST-accredited firm, so you know it follows recognised best practice
    • Be aware of poor-quality penetration testing that is fundamentally just a vulnerability scan with commentary
  4. Plan for the worst by balancing spending across these areas:
    • Assessing Risk
    • Detecting attacks
    • Protecting your assets
    • Responding to attacks
    • Recovering from attacks