Are Geopolitical Risks Part of Your Security Strategy?
IT leaders need to consider the bigger picture — including geopolitical risks from hostile foreign powers — if they truly want to reduce their organization’s exposure to risk in today’s global business environment.
The Cambridge Dictionary defines resilience as “the ability to be happy, successful, etc., again after something difficult or bad has happened,” which seems particularly apt for our times. The relentless flow of news stories is mostly centered around cyberattacks, hacks, and breaches. Criminals and hackers don’t seem to take a rest, and geopolitical risks like state-sponsored attacks are growing.
With so much going on, where do we focus? You must first take stock of your current threat landscape to answer this question. Only then can you outline how to strike the right balance between protecting areas of the highest business criticality and simultaneously understanding the threat of growing geopolitical risks.
Focus on Business Risks
The cyber threats to an organization can be overwhelming, and it can be easy to become distracted by the latest vulnerability or breach. From a business perspective, you should focus on protecting your areas of highest business criticality (including their dependencies, but more on that later), understand the risks and potential impacts specific to those functions, and construct a system to align controls and architecture with business criticality. Taking a business-focused approach lets you avoid being overwhelmed, and it also helps you to align your cyber and technology strategies with your business strategy. That final point on alignment can transform your role within your organization.
Be Aware of the Changes in Geopolitical Risks
The daily news reminds us that the world is becoming a very uncertain and dangerous place. Geopolitical risks from hostile foreign powers extend beyond government and military targets and now affect critical infrastructure. Disinformation and network disruption impact governments, businesses, and society as a whole. Regulators are increasing their focus on understanding dependencies and relationships in hostile regions. At the same time, those hostile regions are extending beyond the nations we were concerned about just a decade ago. Understanding geopolitical risks and cross-border dependencies should be a cyber priority. After all, you can’t implement effective controls and observability if you don’t know what you’re dealing with.
Build in Resilience as Part of the Architecture
Once you take a resilience-led approach to cyber and operational risk, your mindset and strategy will change. Historically, we have sought controls to allow us to mitigate risk and recover from events. However, a resilience mindset leads you to consider building inherent capabilities within your application and cloud architectures. If you embrace secure development practices, automation, and control planes that ensure your application deployments continue to meet your business requirements for cyber resilience, then the need to bolt on controls (which add complexity and brittleness) becomes less important.
Understand Your Dependencies
There is an underlying challenge that organizations have experienced in attempting to respond to cyber and operational failures: unknown dependencies and their impact on critical business functions. Enterprises with complex service-oriented architectures have highly interconnected applications. The rapid rate of change driven by automated cloud infrastructure and continuous integration and continuous delivery (CI/CD) development practices has only compounded the problem. In order to maintain a resilient posture, organizations need to understand their dependencies in terms of applications, infrastructure, geographic locations and third-party service providers at all times. A decade ago, this process was highly manual, expensive and often inaccurate. Application visibility and control tools automate this for you. This reduces costs, improves accuracy, and ensures that your organization is always prepared to respond to changes.
Use the Power of Cloud and APIs
Modern software-defined infrastructure and public cloud services have added a layer of complexity to cyber and IT operations. However, these tools have also added a wealth of services and telemetry that you can leverage to build in resilience without adding new security products to your architecture. API-driven security control planes that can interface with your cloud-native security controls while abstracting their complexities and differences allow you to fully embrace the power of the cloud without needing to be an expert in every single environment and low-level security feature.
Lastly, Think About Your Most Important Asset—Your People
Cybersecurity is based upon the pillars of people, process, and technology. As lines blur between personal and professional devices, we should think about how we can simplify working life. The goal should be to reduce the chances of human error and increase focus on the areas of importance. For security teams, that means focusing on business risk and using tools that simplify and automate repetitive, complex, error-prone tasks. Do your tools help your security professionals focus on risk and business value? Or are they spending their time sorting through the details of cloud environments and security tooling?
Don’t Forget to Educate
One of the biggest successes I have found comes from the space created to bring our teams together, to communicate openly about the problems we face together, and to educate ourselves around geopolitical risks, opportunities, new disruptive technologies and new ways of working. By focusing on education and proving that we are here to support and improve each other, we can lay the foundations of increased cyber awareness, a renewed determination to protect what’s important, and the understanding that cyber resilience is everyone’s responsibility.