For some years now, geopolitical conflicts have been as much about bits and bytes as they have boots and bullets. The digital landscape has become a battleground in its own right, with state-sponsored cyberattacks becoming increasingly common. From social engineering and spear-phishing, right through to the highly-technical exploitation of zero-day vulnerabilities, nation-state threat actors tend to be sophisticated, organized and well-funded. 

They also tend to have very specific targets in mind, whether it’s destabilizing a rival country’s economy by attacking its financial sector, or sparking civil unrest by attempting to disrupt its supply of food or its ability to provide adequate healthcare. However, that doesn’t mean there cannot be collateral damage. 

In the run-up to Russia’s invasion of Ukraine, there was a 1,885% increase in attacks on government targets, a 775% increase in attacks on healthcare providers, and a 152% increase in attacks on the education sector.

The conflict in Ukraine, for instance, has increased the “spillover” risks of global cyberattacks considerably. While nearly 9 in 10 cyberattacks worldwide are currently targeting Russian or Ukrainian organizations, the fallout from those attacks is likely to impact the entire global threat landscape. While the NCSC advised there are no direct threats to UK organizations as a result of the conflict, it did emphasize that companies should still be taking action now to bolster their cyber resilience.

How threat actors are selecting their targets

Just because state-sponsored cybercriminals are currently targeting government organizations, it doesn’t mean private corporate entities are safe. Software supply chain attacks, such as last year’s SolarWinds breach, can impact tens of thousands of businesses in pursuit of an actual target. The SolarWinds breach, suspected to have been orchestrated by Russian actors, not only impacted government organizations like the Department of Justice and the Pentagon, it affected more than 10,000 businesses across a variety of sectors. 

The risk of collateral damage from state-sponsored cyberattacks is something that every business in every sector should be mindful of when reviewing their security controls and risk posture. 

The fallout from cyber warfare isn’t a new threat. In the past decade, there has been a 440% increase in global cyber warfare attacks, with businesses often getting caught in the crossfire. As government organizations, private companies, and the software supply chains that connect them, get ever more sophisticated and interdependent, the risk to all organizations increases – not just those that are targeted.  

Increasing your organization’s cyber resilience

We’ve already established that, whether targeted or not, your organization is more at risk given the situation in Ukraine right now. Whether your organization is likely to be a target of nation-state actors or not, now is the time to increase cyber resilience and the robustness of your default risk posture. 

Organizations must start viewing the threat landscape holistically rather than as a sequence of individually targeted attacks. 

The principle of zero trust or “least privilege”, for instance, should be a core part of any organization’s overall security policy and culture. We live in an age where even relatively trivial and basic settings such as DNS entries can be hijacked and used by attackers to gain access to a company’s intranet. 

Zero trust is useful because when hackers do breach a network they very rarely land in the place they intended to be, which means they often move laterally around a network until they find what they are looking for. By employing zero trust as well as other measures such as multi-factor authentication, organizations can stop these lateral movements and limit the amount of potential damage an attacker can do.