Threat Intelligence impact on geopolitical risk management

By Chris Spinks, Head Of Operations, CYJAX

In the modern day, a holistic approach to risk management is vital to the longevity and protection of an organisation’s baseline. Geopolitical intelligence, understood in a wider context than the base meaning of ‘war,’ is a necessary intelligence stream for businesses. It enables risk managers and security practitioners to effectively see, understand, and act against threats affecting their organisations. A business of any size, from local to international, must recognise the wider implications of its footprint and the security of its supply chain. It must understand the potential for disruption or infiltration resulting from changes of risk that impact the current global supply chain. Governance, compliance, and security requirements are heavily influenced when an organisation undertakes a full global risk management approach.

Geopolitics plays a fundamental part in managing risk where assets or supply chains, crucial to an organisation’s success, are spread across the globe. Even a small to medium enterprise with a local or national footprint will see an impact on its outputs through disruption to global supply routes or changes to world order. Both NIST and ISO standards now specifically call for the assessment and monitoring of supply chain risk, because of the significant disruption it can cause to an organisation and its dependencies.

Changes in 2023

Conflict across Gaza and Ukraine featured heavily in 2023. However, other events were seen across Asia, with a number of earthquakes affecting Indonesia, Japan, Sri Lanka, and recently China. Earthquakes, landslides, or even wildfires can impact physical assets, resources, and communities, and therefore also the workforce, causing local difficulties. A geological disaster could result in the immediate loss of workers or be a catalyst for insider threat through employee desperation.

Fast-developing countries such as Nigeria also feature within geopolitical alerting with military action being commonplace. Countries such as Mexico, Ecuador and Brazil are going through seismic shifts within government and law enforcement. This is causing further social unrest and street wars with gang violence. As an enterprise examines its assets within the collection phase of the NIST Risk Management Framework, or the asset management approach under ISO, it must also understand the threats surrounding its assets. These can be offsite, offshore, or outsourced and influenced by factors described herein.

2023 saw significant geopolitical shifts. Any risk management process or cyber security assessment must entail an understanding of threat landscape changes as well as changes to the political and social mindset across a business supply chain and enterprise. The business must be well informed to enable risk mitigation, especially where changes in the social consciousness or visual displays of political unrest show a change in adversarial threat likelihood. Supply chains are often fragile and operate in multiple and differing regulatory environments. These environments are subject to change due to geopolitical influence and pressures.

Through 2023, a correlation between social unrest and cyber activity has been seen. Comparing intelligence on protests and strikes with intelligence on disruption from cyber-attacks shows a clear correlation between increases in global social unrest and cyber offensive activity. This includes distributed denial-of-service (DDoS) attacks, breaches of companies’ infrastructure, and data exfiltration. These patterns have become clear over the past year, allowing intelligence companies to predict potential cyber-attacks when political change, instability, or unrest occurs.

The proliferation of cyberweapons

Over the past few years, cyber tools and weapons have become increasingly publicly available. These include DDoS tools developed by threat actors and made available to their followers through encrypted messaging apps like Telegram. Additionally, affiliate programmes known as   Further to this, the anonymity provided by encrypted messaging apps has enabled competent threat actors to provide tutorship and training to more junior activists. This is enabling those who would in the past have taken part in physical protests against organisations to now conduct cyber-attacks against them. This enabling of the general populace to conduct disruptive attacks against businesses underlines the need for comprehensive holistic intelligence feeds that encompass both geopolitical and cyber threat intelligence in a joined-up provision.

Timely, relevant, and consumable intelligence

To enable a business to effectively assess and manage its business risk in an ever-changing threat landscape, it needs up-to-date, contextualised intelligence. This must be consumable by all levels of the business and be streamlined to supply only what is relevant and timely. When a business understands the threat landscape, is positioned to react to changes, and its stakeholders are engaged in the intelligence lifecycle, it can   or recognise opportunity when it arises. The provision of geopolitical intelligence provides a vital contextual understanding within the holistic view of the threats.

The connections between society and cyber impact seen above are examples of the joined-up threat landscape. The global nature of communications today has resulted in a phenomenon whereby a singular local social event can see rapid adversarial cyber offensive actions with little to no accountability. The spotlight can quickly swing towards a business or a country through no fault of its own, creating a situation where capable threat actors focus their attention on an organisation before warning signs were observed. The provision of geopolitical intelligence can help proactively highlight changes to threat levels and provide vital warning for defenders to raise shields!
