By Steve Durbin, Chief Executive, Information Security Forum
For decades, our world was shaped by globalisation and geoeconomics, but only recently has it shifted into one defined by geopolitical risk. Ongoing shocks to society such as the Russia-Ukraine war, the Middle East crisis, the rise of far-right populism, culture wars, immigration and climate change are reshaping global structures and relationships, leading to significant realignments for 2025.
While these macro-level issues may be unpredictable and beyond any single nation’s control, businesses still have a choice to focus on factors that are within their influence. Listed below are five key areas where organisations and their risk managers must allocate efforts to navigate these uncertain times.
The Supply Chain: Few leaders fully grasped how dependent the world was on Russian natural gas. Similarly, risk managers must never underestimate supply chain security. A supply chain partner with a weak cybersecurity posture can leave doors wide open for hacktivists and cyber criminals. Components within security software and hardware may be susceptible to espionage and data leaks. Organisations must proactively conduct risk assessments of their supply chain partners and third-party services so that threats can be mitigated appropriately.
Sufficient Risk Awareness: Cyber risk is a business risk. If you are in charge of cybersecurity for an organisation that operates across multiple geographies, then it’s important to stay alert to regional and geopolitical issues. Are conflicts brewing? How will they affect the business? Will they make your organisation a prime target for cyberattack? Are employees prepared and trained to manage such risks? Are there sufficient security defences in place to detect and thwart cyberattacks?
Impact on Branch Offices: Say you have a sizable, remotely located branch that has been disrupted by a ransomware attack. Do you have the backup infrastructure deployed and tested? Do you have a communication strategy to inform customers and relevant stakeholders? Do you have service providers in risk management that can step in locally? Are you in contact with local authorities and the government? Does your business have a recovery plan?
Preparation and Practice: When crisis strikes, the workforce must hit the ground running as a unified team. They should understand the organisation’s disaster relief plan and their role within it. Delivering accurate, up-to-date information is key because it will help avoid the viral spread of misinformation. By rehearsing such crisis scenarios regularly with teams and employees, organisations can better position themselves for any sudden or unexpected crisis.
Misinformation, Disinformation and Phishing: During a crisis, social media will most likely give rise to a wave of unintended misinformation and malicious disinformation. In such a scenario, how do customers, partners and employees access reliable and credible information? Risk managers must control all official information sources to ensure that reliable channels remain unaffected. Threat actors can use this opportunity to unleash targeted phishing attacks. Security teams must train and prepare employees to deal with such threats.
Current geopolitical tensions necessitate heightened attention from risk managers and cybersecurity teams. Business continuity relies on the ability to identify threats, to collectively respond to security incidents, to be adequately trained and prepared, to maintain supply chain resilience and to demand information integrity – all critical elements giving leadership greater confidence for managing risk.
Further information
linkedin.com/in/stevedurbin