Geopolitically motivated cyber attacks are no longer confined to conflicts between nations. As the EU cybersecurity agency ENISA confirms, the targets are increasingly public and private organizations. Companies and public authorities therefore need to modernize their cybersecurity management if they are to withstand such attacks.
According to ENISA, almost a fifth of recorded incidents affected public administration alone, and a further 13% targeted digital infrastructure and digital services. Small public authorities and small and medium-sized enterprises (SMEs) are not necessarily the primary target. They can, however, serve attackers as a stepping stone to large corporations or government bodies, for example when the SME is one of their suppliers.
A vulnerability in a supplier's software product, for instance, can give an attacker a foothold in the customer's environment. To map such dependencies, politically motivated attackers effectively conduct market research on their target's supply chain and approach the target by indirect routes.
Data centers and IT service providers are also in the attackers' focus: they are attractive targets precisely because they hold access to a large number of public institutions and companies. Geopolitically motivated attackers are not necessarily after money. According to ENISA, their aim is usually to steal information, sensitive data and trade secrets, or to cause disruption or outright destruction.
How well an organization can defend itself against, or cope with, a security incident does not depend primarily on its size. What matters is the priority given to cybersecurity and the resources that are made available for it:
# Chief Information Security Officer (CISO): Cybersecurity can no longer be handled as a side task. Ideally, one person should carry full responsibility for IT security.
# Position of the CISO in the organization: Cyber risks can become an existential threat to a company, so cybersecurity must be closely tied to the business strategy. The CISO and their team should therefore not be placed within the IT department but should report directly to the management board.
# Willingness to change processes: Security is a cross-departmental effort that touches many processes within an organization. Whether in human resources, procurement, finance, asset management or authorization management, security should be built into every one of them.
# Security budget: The CISO needs a sufficient budget to purchase, customize and operate the security technology that automatically detects suspicious activity in the company network, or to engage a SOC-as-a-Service provider instead.
# Human resources: In addition to the technology, an organization needs an adequately staffed cybersecurity team. On the one hand, protection against cyber attacks is a broad field that demands a wide range of skills. On the other hand, cybersecurity is very time-consuming, since attackers do not keep business hours and attack methods are becoming increasingly complex.
# Resilient process chains: Even with cybersecurity well established, a security incident can still occur. It is therefore important to have an incident response plan that works effectively when an incident happens. The plan should cover every area, from the business units to technology and to third parties such as service providers or customers. It should define reporting lines for emergencies, set out decision-making rules and specify how to react in time-critical situations. Establishing a business continuity management system addresses these challenges in a structured and sustainable way.
Developing a cybersecurity strategy is often a demanding task. First, awareness of the threat situation must be created throughout the company. Internal resistance should not be underestimated, which is why employees at all levels need to be involved. For both the design and the day-to-day operation, external support can help, for example from a Managed Security Service Provider (MSSP). The technology must be reviewed and updated regularly, and specialists must be kept informed of the latest attack methods and security risks. It can make sense to outsource entire sub-areas, including staffing, security technology and (sub-)processes, to a service provider and to use a SOC-as-a-Service, operated either in the cloud or on-premises depending on requirements. In this way the security technology and expertise stay up to date, and the company can concentrate on its core business.