As if CIOs and CSOs didn’t have enough to worry about, now there are geopolitical cybersecurity threats to the economy, business, and our nation’s infrastructures. State-sponsored digital terrorists are targeting U.S. companies and federal, state, and local governments to steal data and cause havoc. The best way to harm an enemy these days, it seems, is to send some ransomware or other malware to disrupt the nation and its citizens.
Here’s what you should know about geopolitical cybersecurity threats and how to shore up your digital resilience before the threat becomes a reality.
The Center for Strategic and International Studies (CSIS) tracks significant state-sponsored cyberterrorism incidents causing damage of one million dollars or higher. So far this year we’ve seen:
So far this year, the United States has seen an ever-evolving number of attacks, including:
It seems each month brings a new wave of political tensions. State-sponsored cyberterrorism is the latest behind-the-scenes mechanisms for covertly playing out hostilities. The World Economic Forum (WEF) survey of global risks includes cyber-enabled data theft and disruption of operations and infrastructures all around the world. Pricewaterhouse Coopers (PWC) says, “Don’t expect any declarations of ‘cyberwar’—this isn’t about large-scale conflict.” Instead, look for insidious efforts to undermine infrastructures, economies, or the public trust in our institutions. Companies that support or provide these services could easily be targeted, or, if they rely on these structures to serve their clients, the domino effect could create a substantial hardship for everyone involved.
Governments have been working on updating critical infrastructures while creating stronger deterrents to stop state-sponsored bad actors. But companies are expected to boost their security resilience in the face of rising threats. The problem is the shortage of qualified security experts available to enterprise organizations and their corporate reliance on siloed and reactive security measures to mitigate risk.
As geopolitical cyberattacks worsen, companies must develop a 360-view of their evolving digital infrastructures. From understanding the digital linchpins that link IT interdependencies to conducting regular proactive penetration testing, organizations must feel confident in the capabilities they have in place to protect themselves. Companies should begin by developing a plan for cyber defense, response, and mitigation.