By Devin Partida, Editor-in-Chief, Rehack.com.
Addressing cyber risks is rarely a cut-and-dry experience. Cyber security is constantly evolving and shifting to face new threats and actors worldwide. Much of the action occurs on the digital playing field, but can the physical location of a business or organization increase the number of cyber attacks?
With clarity on the role of geography in cyber security, organizations can make the most informed and secure decisions possible.
Forming a perspective shift
No one can simply ask, “what is the threat level in this country?” Executives often view cyber security through the same lens as extreme weather and governmental taxation. These factors undoubtedly affect operations based in a given region, but they do not inherently increase or decrease cyber risks.
Generally, political power and violence tend to influence the number of cyber attacks. Some common attack number factors are:
- Local or nationwide shifts in power or protests
- Socioeconomic inequalities and rising tensions
- Political elections, events and wars
Additionally, businesses that contribute to a national infrastructure or deal with sensitive information for a foreign country may face increased attacks in the name of espionage activity. Working alongside or forming a partnership with a state-funded organization will work similarly.
Motivations may change over time, too. Organizations working alongside nation-states facing allegations of anti-democratic policies or injustices may find increased exposure to hacktivist activity.
It is not as easy to say that a specific region is prone to more attacks than others because of the fluidity of the political events that often spark cyber attacks.
Using geography as a guide
What about a smaller-scale approach? Can firms find regions within their countries that are more secure than others? One possible route to explore is the analysis of demographic and geographic campaigns.
Many professionals may already be familiar with using such maps in marketing campaigns to target a specific audience. In some cyber security firms, professionals may use these maps to recruit in areas rife with talent or the zip codes that may be best for further market research.
A nation-state’s general rules and regulations are also important to review. The European Union’s cybersecurity act enforces new standards for sharing information between businesses and key security groups. These laws offer an added layer of protection and collaboration to firms in this region.
Firms can use context and market research to narrow down target areas, find well-equipped cyber security professionals and collaborate with the local government.
Understanding the limits of borders
Considering the physical location of a firm can be beneficial, but professionals must remember that politically based attacks can happen anywhere. Hackers look for the easiest way to attain their information or pose their attacks. They do not necessarily need to be in a specific country to launch a campaign.
Furthermore, risk assessment may change at the drop of a hat. Political espionage and unrest in the spring of a year may dissipate by the fall. These attacks may also spread beyond borders. In 2017, NotPetya launched a wiperware campaign aimed at Ukraine. The malware leaked into surrounding networks and across the boundaries of countries and continents.
Cyber security is a comprehensive science and requires a nuanced understanding of the motivations of hackers and attackers. Sometimes attackers’ missions lie in contributing to localized unrest and power squabbles, but there are myriad factors that a firm can attribute to any one attack.
Taking a dose of nuance
Cyber security relies on nuance and change. It is crucial to consider location, particularly any brewing political unrest, but geography is only part of the puzzle. Companies can build a more secure defense for the future by gaining the full picture around safety concerns and potential threats.
For more insights from Editor-in-Chief of Rehack.com, Devin Partida, please see CyberTalk.org’s past coverage.