By prioritizing key areas, security leaders can navigate the complexities of geopolitical conflicts more effectively.

Steve Durbin, CEO, Information Security Forum

March 29, 2024


COMMENTARY

In recent years, the global stage has become increasingly unstable, requiring organizations and security leaders to be hypervigilant and prepared for turbulent times. While it may be difficult to predict or control macro issues, it is possible to focus on the aspects of the business that are within their control. To navigate this complex geopolitical landscape, security teams should prioritize these five key areas.

1. The Business Landscape

In which parts of the world are you conducting business? Is a conflict brewing there? How might your organization be affected? If you're running security for a large multinational, then you'll have significant resources on the ground. Do you have a feedback mechanism in place to understand their challenges and issues? Look at the big picture through a lens of preparedness, redundancy, and resilience: Do you have adequate defenses to thwart a cyberattack and sustain business integrity? Does the nature of your business make you a prime target for state-sponsored attacks? Are your employees prepared and well trained to deal with such periods of elevated risk? Regular cyber simulation exercises have become the norm for organizations keen to ensure that their resilience and response plans are both in place and effective.

2. The Supply Chain

Most security professionals are accustomed to dealing with technology issues. However, there's a physical component that also needs to be considered, particularly in the supply chain. For instance, when the Russia-Ukraine war began, everything from mobile phones to chips to cars was disrupted. No one fully understood the level of dependency the world had on Ukraine for certain supplies and minerals. Such supply chain complexities and risks must never be underestimated or overlooked. Businesses need to take a broader and more holistic look at the concept of security, because it is no longer confined to technology; there's a physical piece connected as well.

3. Effect on the Customer Base

Let's assume a sizable user base in a particular region or part of the world that enjoys a large share of your business is disrupted by a ransomware attack. Is the security team prepared to intercede with the necessary mitigations and backup infrastructure that can ensure the business succeeds and remains up and running? At the very least, is there a communication plan in place to inform your workforce, customers, and stakeholders about the potential fallout from such an attack or breach? If you're a public company, you'll be compelled to issue a public statement posthaste to inform shareholders. These are some of the many elements that will need attention and planning. Realistically, it can be too much of a burden to bear without outside assistance from independent parties that are not susceptible to inside politics and the myopic tendencies common to ingrained cultures.

4. Information and Misinformation

Social media has changed the way we consume information. On the one hand, it has created a high degree of transparency; on the other, it has opened the floodgates for misinformation (via unintended falsification) and disinformation (via deliberate falsification). We are regularly bombarded with an overabundance of information from all sides. How does one go about distinguishing between reliable, credible information and the disinformation and propaganda flooding social media from nation-state actors? It's therefore incumbent upon security teams to understand the channels from which these feeds derive, to control the flow of information, and to ensure that reliable sources of information are not impaired in any way.

5. Transparency, Preparedness, and Practice

To rally everyone together as a cohesive team, it is important to provide clear explanations of actions and strategies, and the reasons behind them. Employees, partners, and customers all need to understand the steps being taken to mitigate and respond to the crisis. Additionally, providing accurate and up-to-date information is crucial to prevent the spread of misinformation. Fortunately, there have been numerous successful examples in recent years in which organizations have effectively responded to major ransomware attacks. By tapping into this knowledge base and regularly practicing and rehearsing crisis scenarios, organizations can ensure they are well prepared for any potential eventuality.

Final Thoughts

Fortunately, there is increased awareness in boardrooms that "cybersecurity" is another term for business risk mitigation. Incidents and disruptions have severe implications on a grand scale that can demonstrably be measured: market capitalization, brand value, and reputation. Compared to a few years ago, security teams are today in a much better position to receive support with these challenges.

Our current global landscape demands heightened vigilance and strategic focus from security leaders. By prioritizing key areas such as threat preparedness, supply chain resilience, customer impact, information integrity, and incident response, security leaders can navigate the complexities of geopolitical conflicts more effectively. While challenges may be daunting, the increasing recognition of cybersecurity's critical importance in boardrooms is a positive sign. With proper support and proactive measures, organizations can weather these turbulent times and safeguard their market position, brand reputation, and overall resilience in the face of unforeseen disruptions.

About the Author(s)

Steve Durbin

CEO, Information Security Forum

Steve Durbin is CEO of the Information Security Forum, an independent, not-for-profit organization dedicated to investigating, clarifying, and resolving key issues in information security and risk management by developing best-practice methodologies, processes, and solutions that meet the business needs of its members. He is a frequent speaker on the board's role in cybersecurity and technology.
