Geopolitics and cybersecurity for organizations of all kinds are increasingly linked.
This has become increasingly clear in the past year with Russia’s invasion of Ukraine, which has been called the world’s first hybrid war — attacks have taken place both on the ground and online.
As Russia’s threat actors target Ukraine and its allies, nation-states perpetrating cybercrime have been on the rise worldwide. Microsoft reports that the number of cyberattacks by nation-states doubled over the last year, rising from 20% to 40%. Verizon found multiple attacks by nation-states against companies in Asia. Company leadership is responding to those concerns. A recent PwC survey found geopolitical risk to be one of the top worries of CEOs in 2023, with almost half of those who say they expect to be exposed to geopolitical risk increasing their cybersecurity investments.
Geopolitical cyber intelligence can help make these threats more visible, and more importantly, can help companies prepare to face them. This article examines geopolitical intelligence, explores what it is, where it’s found, and how it can be used to mitigate risk. We also examine some of the challenges in finding good intelligence and how to overcome those issues.
What is Geopolitical Intelligence?
Geopolitical intelligence is information about worldwide political, social, and economic trends or incidents that may affect an organization. These events might include wars, protests, terror threats, public health issues, and issues that could affect that organization’s supply chain.
There are seven pillars of geopolitics:
- Geography
- Politics
- Economics
- Security
- Society
- History
- Technology
Any of the above can affect an organization and its ability to do business. By analyzing applicable geopolitical intelligence, an organization’s leadership can make informed decisions quickly when there’s a crisis or a risky situation, and can also make decisions that help the business avoid threats.
How does geopolitical intelligence impact cybersecurity?
In the past, geopolitical intelligence was used to define location-based threats only, but the global nature of the internet means that geopolitical intelligence is now tightly linked to cyberthreats.
As with nearly every technological advance, cyberattacks are being used as tools of war and espionage, and cyberattacks from nation-states have been increasing. For example, a report from HP found that there was a 100% rise in “significant” nation-state cyber incidents between 2017 and 2020.
How is geopolitical intelligence gathered?
In many cases, geopolitical intelligence is gathered from open source intelligence (OSINT), such as news sources, government briefings, social media posts, websites, and other publicly available information. Analysts may also use human intelligence or talk to one another about emerging threats.
Use Cases for Geopolitical Intelligence
Location-based threats
Geopolitical intelligence can be used to monitor areas in which your organization has a site or employees. If you have remote workers in an area that seems about to experience political unrest, you can take action to get them out of that area. In 2022, for example, companies worldwide used information about the invasion of Ukraine to relocate many sites and remote workers before the conflict.
Digital attacks
Whether a country has its own national cyber program or has joined forces with a group of cyber criminals, it’s important to know the cyber risks posed by nation-states. Geopolitical intelligence can offer information about the TTPs (Tactics, Techniques, and Procedures) favored by state-sponsored attackers. For example, according to a report from the European Union Agency for Cybersecurity (ENISA), nation-states often use zero-day and critical vulnerability exploitation, attacks on operational technology (OT) networks, wiper attacks, and supply chain attacks.
Context for threats
Geopolitical intelligence allows threat intelligence teams to better understand the bigger picture of how global politics and events impact their organization. Some factors that influence geopolitical intelligence include culture/customs, regulations, and policies. By gaining greater context to an event, organizations can better anticipate relevant threats and prepare to mitigate risk.
Regulatory changes
Enterprises operating in several countries may not be aware when regulations shift. Geopolitical intelligence can be used to monitor regulatory change so that a company can remain compliant.
Proactive security
Cyber threat intelligence plays an important role in a proactive cybersecurity strategy. Geopolitical intelligence helps your team identify the most likely international trends that might have an impact on your organization. Once those risks have been defined, your leadership can make decisions that will help mitigate that risk.
Challenges in Gathering Geopolitical Intelligence
Gathering, processing, analyzing, and disseminating threat intelligence data is a key piece of an effective cyber threat intelligence program. There are some key challenges associated with geopolitical intelligence, however.
There’s an overwhelming amount of data
One of the biggest issues in gathering geopolitical intelligence is that there is simply so much of it. From Ukrainian citizens capturing images of Russian invaders and posting them to social media to reports on the economy and climate change, there’s a massive amount of information to sift through. A company interested in using geopolitical intelligence needs to know where to look to find the information that is most useful to them and their use case.
Misinformation campaigns
One significant challenge is that threat actors often use OSINT sources to spread misinformation and disinformation. ENISA’s report found that disinformation is a favorite tactic of state-sponsored actors. For example, during the pandemic Russian disinformation campaigns targeted the companies developing COVID-19 vaccines to undermine confidence in U.S. public health. It’s important for analysts to be able to weed out the bad sources so that leaders are not making decisions based on faulty information.
Lost in translation
When dealing with international sources, there is often a language barrier. An in-house threat intelligence team might not have the expertise to understand or translate relevant information. If they try to use commercial translators, some important nuances could be lost.
The information isn’t actionable
The goal of a strong geopolitical intelligence program is to provide information that can be used by leadership to make effective decisions. This means the intelligence must be understandable to executives. Information that’s overly technical, or that gets into the weeds of policy, might be interesting, but won’t help a company make the right decisions.
Overcome the Barriers to Geopolitical Intelligence
Michael Morell, a career intelligence analyst and former acting director of the CIA, discussed the measures that companies can take to protect themselves against geopolitical threats during a webinar with Flare: The New Front in Warfare: Cyberwarfare & Security in the 21st Century.
According to Morell, private companies must, first and foremost, rely on their own resources to protect themselves against global threats; the U.S. government isn’t able to protect every company against state-sponsored cyberattacks. Morell also pointed out that adversaries and their TTPs constantly evolve. Companies must be vigilant about those changes.
This means having a reliable and curated source of geopolitical intelligence that’s relevant to your business. Most organizations, especially small and mid-sized businesses, don’t have the resources to do that on their own, but there are automated solutions that can make this easier.
How Flare Can Help
Flare allows your team to easily scan the clear and dark web as well as Telegram channels for geopolitical risks relevant to your organization. Flare’s platform automates threat intelligence collection, and cuts down noise by about 40% with high-quality structured data.
This proactive approach lets your team identify potential risks and take steps to mitigate them before a breach.