How do geopolitics affect cybersecurity for organizations in different areas of the world?
Holden Triplett has years of experience in national security issues, including his role as the former Director of Counterintelligence at the National Security Council in the U.S. White House. In his role, he focused on coordinating policies to address U.S. counterintelligence issues. Previously at the FBI, he represented the U.S. in the FBI’s overseas embassies in China and Russia.
Flare Director of Marketing Eric Clay had the opportunity to sit down and interview Holden on the most relevant risks facing enterprise companies in 2023.
Check out our full webinar recording, Threat Intelligence & Geopolitical Risk in 2023, and/or keep reading for the highlights.
Turning Threat Intelligence into Effective Business Decisions
Effective threat intelligence needs to balance collecting and disseminating relevant information (while reducing noise) with making sure that the information is at the right level of depth and sophistication for executives to make decisions. An executive or board member could find the piece of information helpful, but if the information is too technical or too vague, it might not be actionable.
One way to address this issue is to start at the potential action item and then work backwards to collect the information needed to address the question. Successful threat intelligence programs clearly scope intelligence collection and analysis requirements, then share the intelligence in a way that enables relevant stakeholders to act on it. For example, consider a scenario with an organization that’s concerned about how U.S.-Russia tensions could result in cyber risk:
- The threat intelligence team may be asked to identify APTs and nation state cyber risk as a result of the conflict in Ukraine and increasing tensions.
- Once an initial report is delivered, the team may be asked to create other non-technical versions and brief executive stakeholders and even boards of directors.
- Tailoring the message to the intended audience and ensuring that intelligence is delivered in a way that is actionable to the organization are absolutely critical.
The cybersecurity team plays a crucial role in “translating” technical details and their direct implications to help executives take informed action.
In some cases, connecting the threat intelligence team directly to key executives can aid in actionable decision making and reduce the risk of mistranslations and wasted time.
Cyberattacks and NATO’s Article 5
NATO’s (North Atlantic Treaty Organization) Article 5 is the principle of collective defense; if there’s an attack on one country in the organization, it’s considered an attack on all member countries.
This has been an area of concern with the Russian war in Ukraine. There’s a dangerous “gray” area in which cyberattacks, and even infrastructure attacks with plausible deniability, could trigger Article 5, or might not.
If a military attack like Russia’s in Ukraine happened in a member nation like Poland, NATO would undoubtedly invoke Article 5 immediately. However, if, for example, cyberattacks disrupted government services websites but did not cause any direct harm or death, it would not be as clear what NATO’s course of action would be (if any).
Russia may employ a strategy to undermine NATO by causing chaos while attempting not to escalate attacks to the point where NATO responds by invoking Article 5. The goal would be to break NATO apart and undermine belief in collective defense without actually triggering a war. This strategy poses significant and obvious risks, including those of miscalculation, mistakes, and the chance of an escalation spiral.
ChatGPT and Availability of AI Tools
Though ChatGPT and new AI tools like it were once only available to government agencies, these sophisticated tools are now widely available and relatively low-cost or free.
Threat actors can use tools like ChatGPT, DALL-E 2 and other AI tools to enhance spearphishing campaigns, write malware, and in certain cases even imitate the voices and images of individuals. This will likely create an enormous risk to organizations as it becomes increasingly difficult to verify identities.
Disinformation and Misinformation
Disinformation and misinformation are not new: the USSR is well known to have spread misinformation before, such as with the AIDS pandemic.
Now, greater and faster connections are available, such as through social media, which also allow disinformation campaigns to be more precise. Russia in particular has been innovating in creating new ways to spread disinformation and undermine democratic political institutions in Western countries.
For example, Russian disinformation campaigns targeted some American companies involved with the COVID-19 vaccines to undermine public health and the perceived legitimacy of information.
Companies must be aware of, and proactively search for, any attempt at reputational harm. Receiving early warning that your organization is the target of a disinformation/misinformation campaign can prove pivotal in taking down disreputable sources and providing clear messaging to the public.
How Flare Can Help
Flare enables you to automatically scan the clear and dark web for high-risk external threats before malicious actors get to them.
Flare enables you and your security team to:
- Identify threats five times faster
- Reduce noise by about 40%
- Cut incident response costs by about 90%
Curious about how Flare can help your organization become more secure? Request a demo to learn more.