The conflict in the Middle East has entered a new phase, but the cyber threats remain. Geopolitical threat actors have been targeting critical infrastructure across sectors.
With security agencies issuing warnings of attacks exploiting energy, water and government facilities in the U.S., it’s clear that organizations far from the battlefield remain in scope.
SVP of Risk and Threat Exposure Management at Dataminr.
Those aren’t the only industries impacted by the threats. Earlier in the conflict, over 150 retaliatory hacktivist incidents slammed the financial sector almost immediately. Most of the organizations affected were responding with cyber risk frameworks built for a different adversary.
Criminal actors optimize for profit: gain access, steal data, encrypt systems, collect payment. Geopolitical actors follow a different logic. Their goal is to undermine trust in critical systems, disrupt operations and create uncertainty.
From reaction to pre-emption
The old ‘detect and respond’ approach isn’t enough anymore. If you wait for an attack to happen, you’re already behind. Real resilience is about spotting the threat early and fixing the vulnerabilities that allow an attack to work in the first place.
This requires a new way of calculating risk. The industry has long used a static formula: Risk = Threat x Exposure x Impact. That formula is no longer sufficient because it ignores the variable of time.
We have to factor in how fast attackers move compared to how quickly we can stop them before they strike. Projections indicate that the time to exploit a new vulnerability will soon drop from days to minutes. A manual response process cannot compete with a ten-minute exploitation window.
The high cost of the status quo
Using the financial sector as a case study, we can quantify the potential harm these geopolitical cyber threats pose. Proprietary Dataminr cyberloss data shows that the mean loss for a serious cyber incident at a mid-size bank with $1 billion in assets is $36.3 million, while worst-case scenarios can exceed $217 million.
The mean loss per serious incident for financial institutions in 2024 reached $41.8M — the highest ever recorded. Organizations cannot outspend the threat, so they have to out-prioritize it.
Current risk frameworks were built to measure breach costs, recovery time, and data loss. Geopolitical campaigns are designed to produce outcomes those metrics do not capture: payment uncertainty, confidence erosion, and operations built to look like noise until the damage is visible.
Why standard playbooks break down
Geopolitical-style intrusions are harder to detect because the attacker behaves like a patient operator. They rely on legitimate credentials, trusted vendor access, and low-volume actions that register as normal operational activity.
Standard playbooks work for simple attacks with a clear start and end. Geopolitical threats are different; they are patient and use distractions to wear you down while they hide their real objective.
This puts pressure on the seams between technical response and business continuity, particularly for small and medium-size organizations.
Making decisions about operations, customer communications, payment flows, and vendor coordination under sustained uncertainty is the real challenge.
Three strategic shifts for business leaders
Most organizations have workable controls and solid compliance programs. What they typically cannot answer is which specific exposures matter most against the adversaries active right now, and which business services get disrupted first if those exposures are exploited. Three adjustments matter most:
- Adopt a threat-informed model: Instead of just listing technical flaws, look at how an outsider could actually use them to get in. Your risk reports should focus on the three biggest threats to the business this quarter, not just a tally of how many patches you’ve installed.
- Test for business disruption: Practice for a shutdown, not just a data leak. You need to know ahead of time if you’re willing to pull the plug on a critical system before you’re even 100% sure it’s been hacked. That’s a business call, not a technical one.
- Map supply chain exposure: Across every industry, your biggest risk is often the partners you trust most. You need to know exactly which vendors have deep access to your payments or data. Don’t wait for an annual check-up to see if that trust is being abused—you need to be watching for it in real time.
The era of treating cyber risk as a separate IT problem is over. As geopolitical tensions continue to spill into digital systems, the goal for business leaders is no longer just “security,” but operational persistence.
Moving to a threat-informed strategy helps organizations stay ahead of politically motivated attackers instead of just reacting to them.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit