Disruptive and costly cyber incidents are among the most business-threatening risks for companies globally. But many industries have continued to feel the brunt of significant cyber incidents by nation-states and cybercriminals alike. It is now becoming more necessary than ever for organisations to understand the nature of cyber threats affecting them and their wider digital supply chains, and to build resilience.
This is because the nature and sources of these cyber threats are likely to become more diverse over the coming years. As cyber becomes a more established component of countries’ strategic toolkits, more countries are highly likely to try to develop their offensive capabilities over the coming years. The objectives for such nation-states will probably centre around deterring or degrading their adversaries. But cyberspace will probably become a key domain for several nation-states to target commercial industries to access and/or steal sensitive information. And also potentially disrupt their operations.
This trend will make the cyber threat landscape more complex for companies.
We have already seen this trend underway over the past year or so. Take Ukraine’s rapid creation of a volunteer ‘cyber army’, which has repeatedly targeted the digital infrastructure of Russian organisations. This has taken place amid a wider surge of hacktivist attacks against European commercial entities by pro-Russia groups since 2022. Or Japan’s recent moves to shift to a more offensive cyber posture in response to rising tensions in the Indo-Pacific region. The UK NCSC in April 2023 also noted that the ‘proliferation of commercial cyber tools will pose a growing threat to organisations and individuals globally’, lowering the barrier of entry for both state and non-state actors.
This trend will also probably prompt organisations to rethink the state of the hostile cyber landscape over the coming years. Advanced Persistent Threat (APT) actors linked to China, Iran, North Korea and Russia have dominated this threat landscape, conducting data-compromising and disruptive operations against governments, businesses and critical infrastructure globally. But as countries seek to adopt more sophisticated cyber capabilities, new countries are very likely to emerge onto the scene in the coming years.
Geopolitical intelligence allows us to best foresee and anticipate threats and risks globally, including in cyberspace. And geopolitical intelligence especially enabled us to look to the future about which countries are on track to become established offensive cyber actors over the coming years.
In Strategic Outlook 2023, Dragonfly’s annual security and geopolitical risks forecast, we identified at least 27 countries that we assess are ‘rising powers’ in cyberspace. We drew upon several indicators (such as our interstate conflict risk levels, and how advanced a country’s state structures and workforce are) and our standing assessments to come to these conclusions. Countries that we assess are probably on their way to becoming offensive cyber players over the coming years include India, Poland, Turkiye and Ukraine.
Many countries appear to be developing their cyber capabilities to match or deter their established adversaries. Those with particular acute tensions with already established offensive cyber actors – mainly China, Iran and Russia – are likely to increasingly view cyberspace as an effective medium to these ends. Countries such as Algeria and Morocco, India and Pakistan, and Greece and Turkiye, have also blamed each other or groups working in their interests for disruptive cyber incidents on state and private entities in recent years.
Why should companies care? Because as the global cyber landscape becomes more diverse, threats posed to specific organisations and industries will be more complex. And with more nation-states likely to enter the fold, they will almost certainly seek to target companies as well as adversary military and government entities. This would particularly be through cyberespionage and information theft operations. These also carry a high risk of disruption. Priority sectors of interest for such states will most probably include:
- Aerospace and defence
- Energy
- Finance
- Manufacturing
- Telecoms
Disruptive or financially-damaging cyber incidents are also likely to become even more business-threatening in the coming years too. This is particularly in relation to the viability of insurance coverage in the event of a disruptive cyber incident by state-backed groups. Lloyds of London, a major insurance marketplace, this year has sought to require its insurer groups to omit ‘catastrophic state-backed hacks’ from cyber insurance policies. Insurance coverage was a major issue during the WannaCry and NotPetya global ransomware attacks in 2017; both led to billions of dollars of economic losses and damage.
In many countries where civil freedoms are restricted, they will also probably increasingly try to monitor and surveil NGOs, the media, political opposition and repressed or persecuted groups (such as sexual minorities) in cyberspace. And we anticipate that they will also try to control the digital information space as a way to limit opposition dissent, criticism and promote favourable content. Belarus, Egypt, Turkiye and Uganda will be the ones to watch in this space. The proliferation of such activities will probably mean that organisations globally will have to seriously consider such digital threats in their risk registers in the long term, and bolster their capabilities to detect and mitigate them.
Manish Gohil is the lead analyst on cyber risks for Dragonfly, the geopolitical and security intelligence firm.
Image: Employees working at the Centre for Cyber Security (CCB) in Brussels, Belgium, on Wednesday, 30 November 2022. Photo by Hatim Kaghat/Belga Mag/AFP via Getty Images.