In today’s interconnected world, cybersecurity is no longer a concern confined to IT departments and tech companies. It has become a critical aspect of global geopolitics, influencing international relations, national security, and economic stability. For IT security leaders at medium and large enterprises, understanding the geopolitical implications of cybersecurity is an important component of developing a resilient cyber strategy.
Echoing thoughts shared at WEI’s recent Cyber Warfare & Beyond event, let’s explore the intersection of cybersecurity and geopolitics and highlight best practices for IT security leaders navigating this complicated environment. The panelists who joined WEI for this roundtable discussion were former U.S. Ambassador to Ukraine Marie Yovanovitch; Michael Sikorski, Chief Technology Officer of Palo Alto Networks Unit 42; and Rick Howard, N2K Chief Security Officer and Chief Analyst at The CyberWire.
The Geopolitical Impact on Cybersecurity
As recent history has demonstrated, geopolitical tensions significantly shape cybersecurity, and vice versa. Nation-states engage in cyber warfare, targeting each other's critical infrastructure, government agencies, and private companies. Such attacks are not only about data theft; they are also designed to disrupt essential services and cause widespread economic and social disruption. While cyberattacks have occurred for decades, they now appear far more often in mainstream media as events grow in severity and frequency.
For instance, the increasing rivalry between major powers like the United States, China, North Korea, and Russia has led to a surge in state-sponsored cyberattacks. These attacks are often sophisticated, leveraging advanced persistent threats (APTs) to infiltrate networks, gather intelligence, and sabotage operations. Such activities underscore the need for IT security leaders to be vigilant and proactive in their cybersecurity efforts.
Photo: Former US Ambassador to Ukraine Marie Yovanovitch and cyber thought leader Michael Sikorski share a thought during WEI's Cyber Warfare & Beyond roundtable discussion on June 20, 2024.
“We're in a world that is changing with lots of threats out there, and everyone in the cyber community is very well aware of those threats that are coming from criminal actors as well as (nation-state adversaries)," Ambassador Yovanovitch remarked at the WEI Cyber Warfare & Beyond roundtable discussion. "The actions that we take now are going to determine the kind of world we're living in in the future."
The Rise of State-Sponsored Cyberattacks
State-sponsored cyberattacks are typically aimed at achieving strategic objectives, such as gaining a competitive economic advantage, undermining political stability, or demonstrating technological prowess.
For example, the 2017 WannaCry ransomware attack, attributed by the U.S. government to North Korea, infected over 200,000 computers across 150 countries and caused billions of dollars in damage. Similarly, the SolarWinds compromise disclosed in 2020, believed to be orchestrated by Russian intelligence, delivered a trojanized software update to the vendor's customers and thereby compromised multiple U.S. government agencies and numerous private companies, highlighting the far-reaching consequences of a single supply chain breach.
WEI roundtable panelist Michael Sikorski, a renowned cyber thought leader, was part of the incident response teams for both the SolarWinds and Colonial Pipeline hacks. Sikorski emphasized that the severity of these intrusions is what prompted President Joe Biden to issue an executive order (Executive Order 14028, May 2021) to enhance American cybersecurity defenses. This included efforts to improve collaboration between the public and private sectors and to establish more robust security requirements across critical infrastructure and the federal software supply chain.
"We need to think about how we are going to train up our students, our young generation to provide that capability,” said Sikorski. “The cyber war is only getting closer and closer as it creeps up, especially as we see (our nation-state adversaries) hacking the critical infrastructure.”
Watch: WEI Cyber Warfare & Beyond Roundtable Discussion
The Role of International Collaboration
According to the panelists, international collaboration is crucial in combating cyber threats that transcend national borders. Organizations like the United Nations and NATO are increasingly focusing on cybersecurity, promoting norms and best practices for responsible state behavior in cyberspace. For their part, IT security leaders should stay informed about these international efforts and participate in information-sharing initiatives to enhance their own cyber defenses.
“I'm glad we are having these conversations here in government circles and industry circles,” Ambassador Yovanovitch said. “We are being tested and we need to be thinking hard about what we are going to do when one-too-many buttons have been pushed and when that magical threshold gets crossed.”
Watch: Harnessing A Diverse Talent Pipeline For Cybersecurity Personnel
Best Practices for a Resilient Cyber Strategy
As digital operating models advance and threat actors become more sophisticated, the need for a modern security operations center (SOC) is clear. SOC teams are recognizing the benefits of integrating automation and analytics into their tooling: potential threats are detected sooner and responded to faster, which limits their impact. This “Left of Bang” approach, which WEI has documented and advocated to our network in the past, helps organizations strengthen their overall cybersecurity posture and prevent costly incidents before they occur.
Given the geopolitical landscape, IT security leaders must adopt a multi-faceted approach to cybersecurity. Here are some best practices that were discussed at the roundtable to help an enterprise build a proactive and resilient cyber strategy:
- Comprehensive Risk Assessment
Conducting a comprehensive risk assessment is the first step towards developing a proactive cyber strategy. This involves mapping the attack surface of the entire IT environment, identifying critical assets, assessing the threats most likely to target them, and evaluating known vulnerabilities against that inventory.
- Implementing Multi-Layered Defense
A multi-layered defense strategy, often referred to as defense in depth, is essential to protect against sophisticated cyber threats. This concept includes:
- Perimeter Defense: Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to protect against external threats.
- Internal Security: Network segmentation, access controls, and encryption to safeguard sensitive data within the organization.
- Endpoint Protection: Anti-malware solutions, endpoint detection and response (EDR), and regular patching to secure devices.
- Behavioral Monitoring: Continuous monitoring and anomaly detection to identify and respond to suspicious activities.
- Advanced Threat Detection and Response
Investing in advanced threat detection and response capabilities is crucial to mitigate the impact of cyberattacks. SOCs equipped with artificial intelligence (AI) and machine learning (ML) can enhance the ability to detect and respond to threats in real time. AI-driven tools can analyze vast amounts of telemetry to identify patterns and anomalies that may indicate a cyberattack, but they still depend on a good baseline of normal behavior and on analysts who tune thresholds to keep false positives manageable.
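The Behavioral Monitoring and Advanced Threat Detection items above describe anomaly detection in general terms. The following is an added example, not code from the WEI page or from any of the panelists' organizations, that shows the simplest form of the idea: learn a per-user baseline from a window of authentication logs, then flag successful logins that deviate from it. The sshd-style log format, the usernames, the addresses and the thresholds (`fail_threshold`, `window_seconds`) are all constructed for illustration; a real SOC would build the baseline from its own data and tune the thresholds.

```python
"""Baseline-and-deviation detection over authentication log lines.

Added example (not from the WEI page or its panelists). The log format and
every event below are constructed for illustration; the thresholds are
assumptions a real SOC would tune against its own data.
"""
from collections import defaultdict
from datetime import datetime
import re

# Constructed sample lines in a simplified sshd-style format (not real logs).
# The learning window: what "normal" looks like for alice and bob.
BASELINE_LOGS = [
    "2024-06-03T09:12:41Z sshd: Accepted password for alice from 10.0.5.21",
    "2024-06-03T09:30:02Z sshd: Accepted password for bob from 10.0.7.88",
    "2024-06-04T08:58:13Z sshd: Accepted password for alice from 10.0.5.21",
    "2024-06-04T10:05:44Z sshd: Accepted password for bob from 10.0.7.88",
    "2024-06-05T09:01:09Z sshd: Accepted password for alice from 10.0.5.22",
    "2024-06-05T17:45:00Z sshd: Accepted password for bob from 10.0.7.88",
]

# The detection window: alice behaves normally, bob's account is logged into
# at 02:14 from an unfamiliar address after a burst of failures.
NEW_LOGS = [
    "2024-06-10T09:05:30Z sshd: Accepted password for alice from 10.0.5.21",
    "2024-06-11T02:14:01Z sshd: Failed password for bob from 203.0.113.45",
    "2024-06-11T02:14:03Z sshd: Failed password for bob from 203.0.113.45",
    "2024-06-11T02:14:05Z sshd: Failed password for bob from 203.0.113.45",
    "2024-06-11T02:14:06Z sshd: Failed password for bob from 203.0.113.45",
    "2024-06-11T02:14:09Z sshd: Accepted password for bob from 203.0.113.45",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not fatal
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def build_baseline(lines):
    """Per-user set of source IPs and login hours seen in the learning window."""
    baseline = defaultdict(lambda: {"ips": set(), "hours": set()})
    for line in lines:
        ev = parse_line(line)
        if ev and ev["result"] == "Accepted":
            baseline[ev["user"]]["ips"].add(ev["ip"])
            baseline[ev["user"]]["hours"].add(ev["ts"].hour)
    return baseline


def detect_anomalies(baseline, lines, fail_threshold=3, window_seconds=60):
    """Return findings for successful logins that deviate from the baseline.

    Three signals are combined: a source IP never seen for the user, an hour
    of day never seen for the user, and at least fail_threshold failures from
    the same (user, ip) within window_seconds before the success, which is
    the shape of a brute-force or password-spray attempt that worked.
    """
    findings = []
    recent_failures = defaultdict(list)  # (user, ip) -> failure timestamps
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["user"], ev["ip"])
        if ev["result"] == "Failed":
            recent_failures[key].append(ev["ts"])
            continue
        profile = baseline.get(ev["user"])  # .get() does not create an entry
        reasons = []
        if profile is None:
            reasons.append("user has no baseline")
        else:
            if ev["ip"] not in profile["ips"]:
                reasons.append("new source ip")
            if ev["ts"].hour not in profile["hours"]:
                reasons.append("unusual hour")
        window = [t for t in recent_failures[key]
                  if 0 <= (ev["ts"] - t).total_seconds() <= window_seconds]
        if len(window) >= fail_threshold:
            reasons.append(f"{len(window)} failures preceded success")
        if reasons:
            findings.append({"user": ev["user"], "ip": ev["ip"],
                             "ts": ev["ts"].isoformat(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(build_baseline(BASELINE_LOGS), NEW_LOGS):
        print(finding)
```

Run as a script, the block reports a single finding for bob's 02:14 login with all three reasons attached, and nothing for alice. The design choice worth noting is that each signal alone is weak (staff travel, on-call hours, a mistyped password), so the detector records every reason it found and lets the analyst, or a downstream scoring rule, decide how many must coincide before the event becomes an alert.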
- Supply Chain Security
Supply chain attacks, where an adversary compromises a third-party vendor, service provider, or software component in order to reach that vendor's customers, are on the rise, and as SolarWinds showed they are used by nation-states as well as criminals. IT security leaders should implement stringent supply chain security measures, including:
- Vendor Risk Assessments: Evaluating the security posture of third-party vendors and requiring them to adhere to the organization's security standards.
- Continuous Monitoring: Regularly monitoring the supply chain for vulnerabilities and suspicious activities.
- Secure Procurement Practices: Ensuring that all hardware and software procured meet stringent security requirements.
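The Continuous Monitoring and Secure Procurement bullets both come down to the same operational question: do we know which components are inside the software we run, and is any of them on a current advisory? The block below is an added example, not code from the WEI page or from any vendor, showing that check over a software bill of materials (SBOM). The CycloneDX-style SBOM, the component names, the versions and the advisory feed are all constructed and fictional; a real pipeline would pull the SBOM from the vendor or build system and the advisories from a real vulnerability database.

```python
"""Match an SBOM's components against a vulnerability advisory feed.

Added example, not code from the WEI page, the panelists' organizations or
any vendor. The SBOM (CycloneDX-style JSON) and the advisory feed are
constructed for illustration; component names and affected ranges are
fictional and the advisory ids are placeholders, not real identifiers.
"""
import json
import re

# Constructed CycloneDX-style SBOM for a hypothetical procured application.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "acme-logger", "version": "2.3.1"},
    {"type": "library", "name": "acme-http", "version": "1.9.0"},
    {"type": "library", "name": "widget-crypto", "version": "4.0.2"},
    {"type": "application", "name": "vendor-agent", "version": "7.1.0"}
  ]
}
"""

# Constructed advisory feed (fictional): affected range per component, using
# the common "introduced <= version < fixed" convention.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "component": "acme-logger",
     "introduced": "2.0.0", "fixed": "2.3.2", "severity": "critical"},
    {"id": "EXAMPLE-ADV-002", "component": "widget-crypto",
     "introduced": "4.0.0", "fixed": "4.0.3", "severity": "high"},
    {"id": "EXAMPLE-ADV-003", "component": "acme-http",
     "introduced": "1.0.0", "fixed": "1.8.0", "severity": "medium"},
]


def parse_version(v):
    """Numeric dotted versions only; anything else is treated as unparseable."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        return None
    return tuple(int(p) for p in v.split("."))


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed; None when a version is not
    comparable (pre-release tags, vendor strings), so the caller can flag it
    for manual review rather than silently treating it as safe."""
    ver, lo, hi = map(parse_version, (version, introduced, fixed))
    if ver is None or lo is None or hi is None:
        return None
    return lo <= ver < hi


def load_components(sbom_json):
    """Return (name, version) pairs from a CycloneDX-style SBOM document."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return [(c["name"], c["version"]) for c in sbom.get("components", [])]


def match_advisories(sbom_json, advisories):
    """Return (hits, unknown): hits are (component, version, advisory id,
    severity) tuples; unknown lists components whose version could not be
    compared against an advisory that names them."""
    by_component = {}
    for adv in advisories:
        by_component.setdefault(adv["component"], []).append(adv)
    hits, unknown = [], []
    for name, version in load_components(sbom_json):
        for adv in by_component.get(name, []):
            affected = is_affected(version, adv["introduced"], adv["fixed"])
            if affected is None:
                unknown.append((name, version, adv["id"]))
            elif affected:
                hits.append((name, version, adv["id"], adv["severity"]))
    return hits, unknown


if __name__ == "__main__":
    hits, unknown = match_advisories(SBOM_JSON, ADVISORIES)
    for hit in hits:
        print("AFFECTED:", hit)
    for item in unknown:
        print("REVIEW:", item)
```

The procurement use is to run this against the SBOM a vendor supplies before an artifact is approved, and the continuous-monitoring use is to re-run it whenever the advisory feed changes; the same function serves both. Note that a version string the matcher cannot parse is reported for review rather than dropped, since a silent "no match" on an unparseable version is exactly the gap an attacker would hide in.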
- Employee Training and Awareness
An organization’s cyber posture is only as strong as its weakest link, and unsurprisingly human error remains one of the weakest links in an enterprise's overall cybersecurity posture. Regular training and awareness programs help employees recognize and respond to potential cyber threats. Topics should include phishing awareness, safe internet practices, and the importance of strong, unique passwords backed by multi-factor authentication, since a trained user who still reuses a password or approves an unexpected MFA prompt remains an easy entry point.
- Incident Response Planning
An effective incident response plan is critical to minimize the damage caused by cyberattacks. This plan should outline the steps to be taken in the event of a security breach, including communication protocols, roles and responsibilities, and procedures for containment, eradication, and recovery, and it should be exercised regularly so that the people named in it have practiced their roles before a real incident.
- Regular Security Audits and Assessments
Regular security audits and assessments help identify and address vulnerabilities before they can be exploited. These assessments should include penetration testing, vulnerability scanning, and compliance checks to ensure that the organization's security measures are up to date and effective.
Building a Culture of Security
Creating a culture of security involves more than just implementing technical controls. It requires buy-in from the entire organization, from top management to frontline employees. This can be achieved through:
- Executive Support: Gaining commitment from top executives to prioritize cybersecurity and allocate necessary resources.
- Clear Policies and Procedures: Establishing clear and enforceable cybersecurity policies and procedures.
- Continuous Education: Providing ongoing education and training to keep employees informed about the latest threats and best practices.
- Encouraging Reporting: Encouraging employees to report suspicious activities and potential security incidents without fear of repercussions.
Staying Ahead of Emerging Threats
The cyber threat landscape is constantly evolving, with new threats emerging regularly. IT security leaders must stay ahead of these threats by:
- Threat Intelligence: Leveraging threat intelligence to stay informed about the latest attack vectors and tactics used by cybercriminals.
- Research and Development: Investing in research and development to explore new security technologies and methodologies.
- Industry Collaboration: Participating in industry groups and forums to share knowledge and best practices.
Conclusion
IT security leaders must recognize the importance of holistic asset management and Zero Trust principles as foundational elements of their cyber strategy. If there was anything to take away from WEI's powerful Cyber Warfare & Beyond event, it’s that IT leaders must realize that without a clear understanding of their systems, endpoints, users, and applications, establishing an effective security program is impossible.
Zero Trust has been a core principle at WEI for 35 years, demonstrating its efficacy in creating secure networks. Additionally, SOC modernization is highlighted as a vital area for reducing detection and resolution times, with WEI's expertise ensuring that security operations are agile and responsive. By adopting a proactive approach to cloud security through practices like "shift left and shield right," IT security leaders can better protect their organizations.
"We are at a hinge moment in history,” said Ambassador Yovanovitch. “There are a lot of threats out there. There are a lot of challenges, and we need to be on top of it. We need to figure out how to go forward so that our interests and our values are taken into account. There's no roadmap for how to do this whether it is on the cyber front or the diplomatic front or the military front. But the other part of this is there are a lot of opportunities as well, so it really matters that we get this right. And I think we can."
Next Steps: Following a cyber incident, cybersecurity teams turn to their data sources to reconstruct how the incident unfolded. While analyzing those data sources, a critical question must be asked: what prevented cyber personnel from stopping the attack in real time?
In this data-driven era, cybersecurity practice has increasingly focused on the prevention phase, made possible by leveraging the data already present in the security environment. Prevention is your first line of defense, and it is time to leverage its power and potential.
Download our free tech brief to learn more about this cloud-based, integrated SOC platform that includes best-in-class functions including EDR, XDR, SOAR, ASM, UEBA, TIP, and SIEM.