Cybercrime is becoming more geopolitically motivated. Its consequences extend far beyond financial losses for afflicted organisations - critical infrastructure like hospitals and pipelines is at risk. Everyone is now a pawn on the geopolitical chessboard.
What does this mean for organisations?
- Everyone is exposed. Even small and mid-sized organisations such as regional hospitals have become targets of cyberattacks. Sometimes, companies are not even the direct target of attacks, but suffer collateral damage.
- Organisations must prepare for attacks with different motivations. The motivations of nation states for conducting cyberattacks are very different from those of young thugs making money. Companies need to factor in these different motivations.
- The weapons are increasingly advanced. In a spiralling arms race, nations are developing more powerful cyber weapons, leading to higher sophistication and complexity.
Among other best practices, the BCG article highlights the value of scenario planning to cope with geopolitically motivated cyberattacks. Planning for different threat scenarios factors in the motivations of different state actors. A scenario-planning exercise focused on cyber threats should explore the answers to four questions:
- Who might attack?
- Why—what would motivate the attackers?
- Where might they strike?
- How would the hack be carried out (the potential forms of attack)?
BCG provides the example of the SolarWinds cyberattack:
Why does this matter for businesses?
It’s imperative that businesses keep in mind that everyone - no matter how small - is a potential target, and the stakes are only getting higher. Using threat scenarios helps them prepare for geopolitically motivated attacks.