Verizon’s 2019 Data Breach Investigations Report (DBIR), an industry benchmark for trends in cybersecurity, validates the growing intersection of geopolitics and cybersecurity. Two particular insights in the data-driven report highlight how geopolitics continues to shape the threat landscape faced by businesses.
Most importantly, the DBIR highlights a substantial increase in state-backed data breaches over the course of 2018, as countries or state-affiliated actors accounted for 23 percent of all data breaches, up from 12 percent in 2017.
This increase is reminiscent of a similar jump in state-backed data breaches between 2015 and 2016, as well as between 2011 and 2012.
Given that state-backed attacks are likely undercounted, due to the challenges of confidently determining attribution, these consistent spikes in state-backed activity provide further confirmation that state actors are now major players in the corporate cybersecurity arena.
Corporate leaders therefore need to take proactive steps to identify critical assets that could be targeted by intelligence services or affiliated entities, with a focus on identifying, monitoring and remediating their companies’ broader exposure to geopolitical risks.
In order to do this effectively, companies can no longer silo geopolitical risk analysis and cybersecurity functions, and instead need to encourage collaboration and a cohesive approach when designing and implementing their overall data protection and security strategy.
One way to do this is to integrate threat intelligence and management functions to identify, monitor and address vulnerabilities with geopolitical root causes that could be exploited by a geopolitically motivated attacker via a cyber vector.
A further important insight in the DBIR is that state-backed data breaches are not merely problems for companies in the public and information sectors – rather, all companies that collect and hold data that could be of interest to intelligence services or governments should consider themselves possible targets, regardless of size.
Results from the DBIR reveal that state-affiliated actors are responsible for 96 percent of all data breaches related to cyberespionage, and cyberespionage is rampant in nearly every major industry, from finance (10 percent of all breaches), to education (11 percent), and even manufacturing (27 percent).
The data reveals that state-affiliated actors look to target companies from all sectors, and not just companies contracting with adversarial governments or the defense sector.
Additionally, companies need to understand not only their own exposure, but also that of suppliers, third-party vendors, and joint venture or other foreign partners, since these have all been demonstrated to be effective vectors for gaining access to valuable information and intellectual property.
The best way to ensure this is to have a robust vetting process for outside vendors, to uncover any political connections these vendors may have, including with state-owned enterprises and intelligence organizations.
Companies must also ensure that third parties have limited access to sensitive data, taking care to grant access only after methodical review and only to the particular information needed to fulfill a task, and to revoke it immediately after completion.
The data from Verizon’s DBIR provide solid evidence to show that geopolitical risk needs to be a higher priority for corporate information security leaders working to better protect their organizations against state-sponsored or state-affiliated attacks and breaches.
VerSprite offers a range of services designed to help companies assess, analyze, and address their exposure to geopolitical risk. Geopolitical Risk consulting can help you further unlock your organization’s potential by discovering previously unforeseen opportunities for you to flourish in the global economy.