
Cybersecurity in times of geopolitical conflict – Handelsblatt Live

Geopolitical tensions and conflicts create significant risks for companies, both in the affected areas and beyond. In such times, cyber attacks, which are often state-supported, increase. These attackers use advanced techniques to infiltrate critical infrastructure, disrupt operations or steal data. Their goals are diverse: from espionage and sabotage to economic instability and psychological warfare. Nation states, hacktivists and cybercriminals all emerge as actors who use the disruption to their advantage.

The situation becomes particularly dangerous when cyber actors adapt their strategies to the crisis and intensify their attacks. It is therefore essential to detect these behavioral changes early in order to protect companies. Historical precedents such as the campaigns against Ukraine from 2014 and the recent attacks attributed to Volt Typhoon show that companies need to adapt their strategies to new conditions. For example, the Chinese hacker group, which has been active since 2021 and is apparently state-sponsored, focuses on espionage and, once it has gained access to victims' systems, aims to remain undetected for as long as possible. Companies must recognize such methods and conflicts as part of risk management and proactively anticipate them.

Advanced Persistent Threats (APTs)

Among the biggest challenges in such conflicts are Advanced Persistent Threats (APTs). These long-running, targeted cyber operations aim to steal sensitive information from governments or companies and take down the affected organizations. APT attacks, often supported by nation states, are characterized by sophisticated tactics, including social engineering, spear phishing or the use of zero-day exploits. As conflicts increase, APT groups are increasingly collaborating with cybercriminals to gain more access. This means that previously protected entities, such as health care facilities or critical infrastructure, are also targeted. The attacks are not only so-called "sophisticated" ones, but also massive distributed denial of service (DDoS) attacks that hit defense companies, for example, and are usually more likely to be attributed to hacktivists. While these typically don't cause the same damage as other attacks, they tie up valuable resources and can increase overall cyber risk.

A particularly disturbing example is the activities of the Russian-linked Killnet group and hackers in the Middle East conflict. The rise in state-sponsored attacks is also evident in Germany. China’s ambassador was recently summoned to the Foreign Office following a major cyber attack on German ministries and authorities blamed on China. Such incidents highlight the international dimension of APT attacks in tense geopolitical times.

Other company processes are affected

Other business processes, such as recruitment and remote work models, are also increasingly affected by cyber threats. An example of this is North Korea's remote worker campaigns, in which criminals successfully occupy IT positions in Western companies to steal data and commit extortion. Some of their intentions are currently unclear, but it is clear that they are using stolen identities and local intermediaries to hide their activities. In a recent case, a company unknowingly hired remote workers from North Korea. Cases like this highlight the danger posed by workers who are employed by Western companies for several months while sending money into North Korea through complex networks. Companies are advised to include such issues in their risk management and take steps to protect themselves from data loss and outages.

Close integration of cybersecurity and operational processes helps detect and deter potential attacks in a timely manner. It is also very important to ensure reliable communication with the public to combat disinformation. Companies must also think carefully about the risks and vulnerabilities they may have and implement appropriate security measures.

Understanding the extended attack surface

A key part of adapting to this threat landscape is understanding the expanded attack surface that organizations face today. This now includes not only the classic IT infrastructure, but also technologies such as IoT devices, cloud services and remote work environments. All of these areas present vulnerabilities that could be exploited by attackers, especially when employees gain access to corporate networks from less secure devices during an emergency. In geopolitical conflicts, it is also necessary to be aware that companies in the affected areas may lose access to offices or have longer power outages. Critical business processes must therefore be designed in such a way that they remain operational and secure despite these challenges.

What can companies do?

In order to be resilient in geopolitical crises, companies should examine their cybersecurity strategies at an early stage and strengthen them accordingly. An important building block for this is a detailed analysis of their own risk situation. This includes a thorough understanding of current threat conditions through measures such as threat intelligence, improving risk visibility and clearly communicating these risks to management. It is important to emphasize that the IT department cannot worry about geopolitical issues, but should only ensure that it provides as much context and transparency as possible to enable informed decisions. In addition, it is important that crisis management teams have clear roles and responsibilities so that they are able to intervene in times of conflict.

With these measures, companies can increase their resilience against cyber threats and proactively prepare for potential threats.

2024-10-22 00:30:00