By Paul Proctor, Distinguished VP Analyst at Gartner
Cyberthreats are evolving into an organized crime industry. The impact is no longer limited to revenue and reputation; it has also started to affect human lives. Recent examples include Conti’s attack on Costa Rica, Indian passenger airline SpiceJet, and others. In the shadow of Russia’s invasion of Ukraine, it has become evident that hybrid warfare is the new reality, and geopolitics and cybersecurity are inextricably linked.
Over the last six months, organizations in Ukraine have faced threats including massive distributed denial-of-service (DDoS) attacks, increased malware activity, targeted and persistent phishing attacks, disinformation campaigns and attacks on cyber-physical systems.
Cyber warfare does not have geographical boundaries in the way that physical conflict does.
Cyber conflict is now a business problem that technology alone cannot resolve
Cyberthreats will continue at least as long as the physical conflict does. The “fog of war” can challenge situational awareness, and panic will increase the risk of mistakes, creating an advantageous situation for bad actors. While the impacts of individual attacks will vary, the broader effects of a heightened threat environment will be felt by organizations worldwide.
According to a recent Gartner poll, 25% of organizations in North America and EMEA said that they took some kind of cybersecurity action in response to Russia’s invasion of Ukraine. This was the most common response, ahead of actions related to sanctions, employee welfare or supply chain risk management.
The specific cybersecurity actions that enterprises took varied. For example, some reviewed and blocked known Russian threat actors’ tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs). Some shored up their threat intelligence and incident response capabilities, while others focused on promoting security awareness among employees and increasing communication with executives about emerging threats.
It is a positive sign that CIOs and CISOs were generally aware that some action had to be taken to strengthen cyber-defences as geopolitical tensions rose. However, these initiatives were largely tech-led.
Cyber-conflict is not just a security problem; it is a business problem, and as its impact continues to grow, it will require more strategic involvement from business leadership at every level. Crises place an additional premium on risk-based decision making, and business leadership must be involved at every level.
Executives who make defensible, risk-informed choices are more likely to navigate their organizations with resilience, from response through recovery.
Cyberthreat preparation needs more than just shiny technology
The complex way in which geopolitics and cybersecurity have become inextricably linked makes it imperative, now more than ever, for security leaders to treat the global threat landscape as a business risk.
Security and risk management leaders need to consider the impact of current events on enterprise risk. They need to fully understand the business’s appetite for that risk and keep monitoring the variables. Focussing only on vulnerabilities and security technologies is not enough.
They need to lead the enterprise to make informed decisions about its cyber-related risk exposure. Understanding the security impacts of global events is a key component of this new, evolved role of security and risk management leaders.