Think Global, Act Local: Geopolitical Intelligence in Cybersecurity
Geopolitical intelligence is an indispensable part of a robust cybersecurity strategy. Olga Polishchuk, Principal Director of ZeroFox’s Threat Analysis Center, explores the link between cybersecurity and global politics and explains why it’s necessary for effective threat management.
The world is in a seemingly permanent state of geopolitical tension, as underscored by significant recent events such as the ongoing Russia-Ukraine War, continued strife between the United States and China, and the most recent conflict between Israel and Hamas, among others. In addition to the extensive economic and social consequences, these geopolitical upheavals have resulted in a notable increase in cybercrime, likely driven by nation-state threat interests.
Whether you are part of a multinational organization or a US-based small-to-medium-sized business, geopolitical context is increasingly important to your cybersecurity strategy. Against a backdrop where the United Nations has warned that “our world is becoming unhinged” due to escalating global tensions, geopolitical factors will only continue to influence cyber events. 93% of cybersecurity experts believe global geopolitical instability will likely lead to a catastrophic cyberattack in the next two years.
In addition to ongoing cyber attacks against Ukrainian infrastructure, Russian state-backed actors also increased their operational tempo of espionage campaigns targeting law enforcement, private businesses, and media organizations. While current events may feel daunting, they provide security teams with more insight into where resources should be allocated or where incident response teams should prioritize their time and energy. Curating relevant and timely information related to geopolitical events – or geopolitical intelligence – helps enterprises understand and manage location-based threats to their organizations.
Risks for Global Organizations and Governments
This dynamic reflects a new era of geopolitical strategies increasingly intertwined with cyber warfare. As geopolitical tensions escalate, nation-state actors take advantage of the chaos and uncertainty to launch more cyberattacks. For example, our intelligence team observed threat actors seeking to profit off the Israel-Hamas war nearly immediately, with one group advertising compromised personally identifiable information (PII) from the Israeli Defense Force and the Israel Security Agency for sale on the dark web. This means that organizations and governments already dealing with geopolitical tension are also becoming increasingly vulnerable to the looming threat of ransomware attacks and cyber extortion schemes. Given the current climate, it is unsurprising that ransomware attacks against organizations are very likely to account for more than 50% of global attacks in 2024.
Specifically, the escalating geopolitical tensions heighten the risk of cyberattacks on critical infrastructure sectors, including energy, transportation, and healthcare. Such attacks could have crippling effects on US organizations, impacting their operations and resilience while also contributing to broader economic and even societal repercussions. The interconnected nature of these vital sectors makes them an even more attractive target – for example, consider how an attack on the US power grid would affect almost the entire country, compared with an attack on an individual company or government organization. Just as it is important to be aware of the potential geopolitical factors that could impact cybersecurity, it is also important to consider how threat actors may execute attacks on certain sectors to gain political advantage.
Combating Global Threats with Geopolitical Intelligence
In response to this intensified threat landscape influenced by geopolitical factors, organizations must, in turn, enhance their cybersecurity measures with more robust intelligence to safeguard critical assets and defend against these nearly inevitable and increasingly targeted attacks.
Especially for organizations with worldwide operations, geopolitical intelligence is crucial as part of the broader intelligence strategy. It provides timely and relevant insights into a range of emerging global threats that are not always considered when thinking about cybersecurity, including political conflicts, public health issues, terrorism, refugee displacement, and other issues in specific areas where an organization may operate or hold important – and vulnerable – assets. This intelligence provides an added layer of visibility into an organization’s attack surface, enabling security teams to conduct more accurate ongoing evaluations of cyber risks and effectively navigate the ever-changing landscape.
Additionally, organizations can increase the efficiency of security operations. Geopolitical intelligence platforms simplify and automate collecting, analyzing, and reporting global events that may impact an organization. Rather than manually searching news reports for updates on geopolitical events, security teams can operate more efficiently. They should focus their resources on proactive measures to safeguard assets.
Cybercrime Is Global – Your Intelligence Should Be Too
Without geopolitical intelligence, many organizations are at an even larger disadvantage in combating cyber threats. Cybercriminal gangs are heavily resourced and funded by nation-states. They conduct espionage and surveillance attacks. Their goal is to steal sensitive data and financial resources. They may also hijack application source code from targets with fewer resources. Geopolitical intelligence can level the playing field, unveiling details about the identities, motivations, and tactics of the cybercriminals orchestrating these attacks. Ultimately, this information equips organizations with the context and insights to counteract these attacks effectively or avoid becoming victims.
Fundamentally, geopolitical intelligence is just one component of a comprehensive, full-spectrum threat intelligence program. The dynamic landscape of geopolitics will consistently influence cyber risks amidst an increasingly polarized world. Certain factors are beyond our control. But we do have the power to stay well-informed on emerging geopolitical risks, enabling us to strategically position ourselves to make the most informed decisions to stay ahead of geopolitical challenges. By maintaining a proactive and informed stance, we can navigate the complexities of this changing landscape and proactively address potential risks, ensuring resilience and adaptability in an ever-evolving global environment.