For any seasoned CEO, cybersecurity and geopolitics are individual concerns. An EY CEO Imperative Study notes that 63% of Forbes Global 2000 chief executives ranked digital transformation as the top business concern. In contrast, the same CEOs ranked geopolitics last in corporate impact, with a measly 28% pointing to political risk management as their number one priority.
The situation in Ukraine, and Russia’s reputation for using weaponized cyber tools on desired targets, have put chief information security officers (CISOs) on their toes. It raises the question of how organizations approach cybersecurity and geopolitical risks as a whole: in silos.
In times of crisis, organizations must minimize the threshold for attack and maximize their ability to detect potential intrusions, relying on up-to-date network traffic analysis and constant, real-time mapping of their external attack surface to protect their assets. Though CISOs shape the strategy and action plan, an element of cross-functionality must be addressed across the entire enterprise.
To shift from siloed thinking to cooperation, cybersecurity teams of large, multinational organizations must work to elevate the importance of security across all teams. Cybersecurity concerns no longer sit comfortably in the IT department. Marketing and development departments often create web pages and other online assets for development and later let them slip through the cracks, expanding the organization's external attack surface in the process.
CISOs must lobby for collaboration across policy and business operations to cover their geopolitical bases while educating the wider company on the critical importance of reporting created assets to internal security functions.
Failing to do so puts organizations in the firing line of cyberattack, potentially by nation-state hacker groups.
How vulnerable are organizations to nation-state attacks?
A recent HP report, Nation States, Cyberconflict and the Web of Profit, notes that nation-state cyberattacks have doubled over the last three years, with supply chain attacks rising by a margin of 78%, and finds that over 40% of cyberattack assets include a physical and digital component, a phenomenon known as hybridization.
In addition, we must look to the actions of companies to confirm their risk awareness. Both enterprises and government agencies are aware of nation-state threats and are taking steps in anticipation. The U.S. recently announced it secretly removed malware from computer networks worldwide, while Asian corporations are calling for increased government support to defend against nation-state cyberattacks.
To assess how vulnerable organizations are, the first port of call should be the state of their external attack surface. The fact is that organizations aren’t protected at the best of times, let alone in the context of geopolitical cyber warfare.
Recent Reposify reports on the cybersecurity, pharmaceutical, gaming and financial industries have found astounding gaps in the security posture of their external attack surface. Ninety-seven percent of cybersecurity companies host exposed assets in AWS. Ninety-two percent of pharmaceutical companies, followed by 55% of gaming companies and 52% of cybersecurity companies, all house a database vulnerable to attack and ultimately to leaked data.
When coupled with the rise in nation-state actor threats, it’s clear that geopolitical cyber warfare poses an undue risk to organizations when they’re already housing significant vulnerability. CISOs can only work to protect what they know is there and must begin with their most vulnerable, external-facing assets.
Continuous, real-time asset monitoring is paramount to defeating nation-state threats
In the aftermath of the seismic cybersecurity shift that was 2020, CISOs are still working to fight growing pains. Increased reliance on cloud services, a growing number of subsidiaries and a rise in the remote workforce — and therefore remote access applications — have led to exponential digital footprint growth that crosses international boundaries.
The suite of cybersecurity solutions is cumbersome; it has contributed to the digital footprint problem and resulted in alert fatigue for many CISOs (e.g., the SolarWinds exploit). Cybersecurity teams are hopeful that the future will bring a more streamlined approach, but resiliency and preparedness must come first.
The Gartner Top Security and Risk Management Trends for 2022 identified attack surface expansion, digital supply chain risk and identity threat protection and response as the top concerns for CISOs this year and beyond. In the context of the geopolitical landscape, undoubtedly, these threats will color cybersecurity strategy with paranoia.
Organizations must become more resilient, adopting integrated cyber risk management supported by a risk-aware culture and enabling technologies.
For cybersecurity strategies of tomorrow, knowledge and awareness are paramount. Critically, CISOs and security teams can only apply integrated cyber risk matrices to assets they know are there.
External attack surface management (EASM) security technology is ideally placed to fill this gap, supporting the time-consuming asset management work security professionals must complete as a part of a resilient cybersecurity posture. EASM is not a technology to be supported but rather a technology to support CISOs and security leaders.
In the context of evolving threats and nation-state actors — whose sophisticated attacks cannot be predicted, only anticipated — assets must be continuously monitored in real time.
Where should CISOs be focusing their efforts?
The problem with attacks from nation-state actors is the level of sophistication and masquerading that CISOs are contending with. This is their main point of differentiation from the “everyday” hack: nation-state cyber teams have CSS and exploit vulnerabilities created under the radar and accumulated in anticipation of the perfect time to strike.
The HP report notes that COVID-19 presented a massive opportunity to nation-state actors, with evidence that several are “stock-piling” zero-day vulnerabilities to leverage against organizations associated with a particular country or the governments themselves.
Zero-day RCE threats, which see unprivileged external code compromise any exposed machine in the network, are of particular concern given their severity. Their consequences span any number of possibilities: lost or stolen data, proxied communications, hacked private drives, stolen IP or damage to corporate reputation.
Though there are immediate steps organizations can take to protect their assets, like updating their asset inventory, securing their digital perimeter and monitoring their external perimeter, organizations are limited to protecting only the assets their teams are aware of.
The backbone of any geopolitical cybersecurity strategy
Given the increased likelihood of nation-state threat, the top security risk management trends around attack surface expansion, digital supply chain risk and identity threat protection and response, and the proven vulnerability organizations house as a part of their external attack surface, it’s clear that CISOs must first arm themselves with knowledge.
Updated asset inventories are critical to integrated cyber risk strategy, updating in real time where organizations are most vulnerable to attack so that CISOs can reinforce liable assets, like databases, remote access sites and web servers, and close unnecessary holes like unused ports.
In the context of geopolitical risk, CEOs must recognize and act on the implications of political risk, working closely with their cybersecurity teams to underpin digital transformation and technology adaptation strategies with a thorough cybersecurity posture. Success can only be achieved with buy-in from the entire organization, elevating the profile of security protocol across all teams and functions.
Still, external attack surface management technology can help CISOs, CIOs and SOC/NOC managers keep a watchful eye over their digital perimeter. Constant, real-time asset management is essential to any integrated risk management strategy, especially in today’s context.