Russia’s invasion of Ukraine suggested that geopolitics continues to be a major driver of cyber risk.
Now, as Israel becomes embroiled in another conflagration in the Middle East, regional power plays are set to add more uncertainty and potential risk for business planners. For Western organizations, the threat is not only related to direct cyber-attacks on their assets, but also against key suppliers and partners. The enlistment of local workers into the Israel Defense Forces (IDF) is an early sign of the knock-on impact that looming war can have on IT supply chains.
Intelligence is key to managing these risks. CISOs need to think more clearly about cyber, not just in terms of pure technology, but also viewing risk exposure through a geopolitical and supply chain lens.
The Coming Storm
Nation states have for years sought to gain geopolitical advantage through offensive cyber operations. China, Russia and others routinely steal information from rival nations in classic cyber-espionage campaigns. They look to disrupt or pre-position themselves inside the networks of critical infrastructure providers. They run influence campaigns to sow fear, uncertainty and doubt. And they try to score political points by taking websites offline via DDoS attacks and defacements.
However, Russia’s invasion of Ukraine prompted an unprecedented surge in activity – not just from state operatives on both sides, but also patriotic hacktivists. Among other things, there’s been a surge in wiper attacks against strategic targets inside Ukraine, although a major spillover to Western allied countries has thus far not come to pass, despite repeated warnings. What we have seen more of impacting Western firms directly, is hacktivist activity from pro-Russia groups like Killnet, which has downed the websites of airlines, hospitals, governments and even the British Royal Family.
Similar trends are emerging in the Middle East following a devastating terror attack by Hamas on Israel. Research from Cambridge University revealed that over 100 hacktivists launched more than 500 web defacement attacks on Israeli sites, in solidarity with Palestinians. There are potentially other cyber-threats building. Gaza-based hacking group Storm-1133 has a track record of targeting telecoms, energy and defense companies in Israel.
Information will be key to both sides as long-term conflict nears. That means hackers are looking for strategically important intelligence they can use to inform military tactics. We could also see destructive or disruptive attacks: for example, pro-Palestine hacktivist group ‘Cyber Av3ngers’ claimed to have knocked out the website for Israel’s Dorad Power Station.
Scrutinizing Suppliers
The threat to organizations with operations in war zones is obviously significant. But supply chains are arguably a bigger risk. Even without direct exposure to critical events, organizations must consider how badly impacted their suppliers and partners are. For a nation of under 10 million inhabitants, Israel plays an outsized role in the technology industry – especially software development, cybersecurity and CPU manufacturing. The hi-tech sector contributes nearly a fifth of national GDP and half of all exports. Intel, Nvidia and Apple all have major operations there, employing thousands of workers.
Both digital and non-IT suppliers based there could suffer disruption if cyber-warfare escalates. It could lead to production outages and customer-facing services being taken offline for periods, hitting the reputation and profits of both suppliers and their business partners. Sometimes risk isn’t even cyber-related at all, but comes from adjacent areas.
Consider the potential supply chain disruption caused if staff are conscripted into the IDF, as is already happening. What happens if key developers can no longer contribute code? In a world of DevOps, microservices and rapid, iterative development, it could have a serious knock-on effect.
Separately, the latest intelligence suggests geopolitical escalation between Russia and the West is increasing the risk of Moscow targeting Western businesses operating in Russia. This could increase the chances of such firms suffering major reputational and financial damage.
Making Informed Decisions
Success in business is ultimately about making the right decisions to manage risk and nurture growth efficiently. This boils down to having access to intelligence capable of providing the answers senior decision makers need. Unfortunately, the supply chain continues to be a critical point of weakness. According to the latest UK government figures, just 13% of British firms review the risks posed by their immediate suppliers.
This needs to change. Organizations must be more forensic in their analysis and understanding of their business and supplier operations. A refresh of internal and supply chain risk assessments would be a good place to start. Incident response plans should be updated in line with this new risk landscape. Additionally, CISOs must also do better at connecting and translating cyber risk to business risk so boards can make better decisions. Their indispensable partner in all of this must be a trusted threat intelligence provider.