While the vast majority of cyberattacks are criminal activity rather than state-affiliated operations, these kinds of attacks are still incredibly important to understand and prepare for, should they come to your door. State-affiliated attacks are almost always more sophisticated, more difficult to detect, and often have a completely different goal than criminal groups. Staying current with geopolitical changes and events and understanding how that may impact your organization is an important part of a robust cybersecurity program.
One example of this is the recent pro-Russian groups’ targeting of Italian banks, a water supply company, public transportation, and journalism. Italy has been incredibly supportive of Ukraine throughout the war, accepting many refugees, providing military and humanitarian monetary aid to Kyiv, and continuing to condemn Russia’s actions in the strongest terms. In retaliation, Russian groups have begun attacking various critical sectors in the country that, without the Ukraine context, would not make sense. In addition to targeting Italy over its support for Ukraine, this group has also hit Spain, the Netherlands, and France for the same reason over the last month.
Aside from Russia, CISA Director Jen Easterly recently warned that there is a potential for destructive cyber attacks on U.S. railroads and pipelines if China invades Taiwan. The United States upholds a position of strategic ambiguity over Taiwan yet Easterly is warning the private sector that they would be at risk regardless in case of an invasion due to traditional economic support and recognition of Taiwan.
These recent examples show how important understanding what is going on in the world and how your business may be impacted. Though your organization may not traditionally be targeted by certain groups, geopolitical events can elevate your security risk.