Most Security Pros Are Impacted by Geopolitics
Two-thirds of cybersecurity professionals have been forced to change where and with whom they do business because of escalating concerns around nation state attacks, according to Tripwire.
The security vendor polled 218 security professionals at the RSA Conference in San Francisco recently and found that geopolitical trends are exerting a surprisingly big influence on their roles.
It reflects an age in which technology providers like Huawei are being branded a security risk because of their links to hostile states, while state-sponsored attackers target both government and private sector organizations to steal sensitive information and cause disruption.
"It’s becoming clear that simply stating ‘we’re not a target’ isn’t a sufficient defense against these attacks. The interconnectedness of the modern economy means that our mental model of what constitutes critical infrastructure has become outdated," Tripwire VP of strategy, Tim Erlin, told Infosecurity.
"Most companies do better with predictability and stability, and this is true of physical as well as logical infrastructure. If you can’t count on the network within a specific country, your business will be adversely impacted. Additionally, if those business relationships are likely to make you a target for cyber-attacks, your business will be adversely impacted."
The impact of geopolitics on cybersecurity professionals is only set to increase: 87% claimed that nation-state attacks would increase ahead of geopolitical events in 2019, while over three-quarters (79%) said they are more concerned about state-sponsored cyber activity this year.
Nearly half (48%) of those polled said they believe cybersecurity implications are not taken into serious consideration when geopolitical decisions are made. A further 66% said governments are neglecting cyber versus other elements of national security.
It’s long been the UK government’s aim to make the nation the safest place in the world in which to do business online. That suggests at least that its leaders understand the importance of security at a national level.
However, its National Cyber Security Programme has been hamstrung by poor planning and management, according to the National Audit Office (NAO).
A report produced by the agency earlier this month claimed that the lack of an initial business case meant there was no way to assess whether the £1.9bn of funding was sufficient to meet its 12 strategic objectives.
What’s more, it failed to develop a “robust performance framework” soon enough, meaning that there’s still not enough evidence to prioritize funding on the objectives likely to deliver “the biggest impact, address the greatest needs and deliver best value for money.”
Source: Information Security Magazine