
Gartner: Navigating the Cybersecurity Risks of 2024’s Geopolitical Turbulence

By William Dupre

 

In recent years, there has been a significant increase in global economic and political turmoil. In 2024, several nations will hold important elections that could further disrupt the geopolitical order. Additionally, the uncertainty surrounding AI technologies and their potential to facilitate cyberattacks and produce deceptive content, such as “deepfake” images and videos, adds to this volatile mix. Given the high stakes involved, malicious actors will likely attempt to exploit global anxiety and stress by instigating chaos through targeted cyberattacks and espionage against both public and private sector organizations.

Security and risk management (SRM) leaders need to focus on specific cybersecurity activities in order to withstand the near-term turbulence. They must address the following common security practices to prepare for, detect, and respond to security events.

Empower Security Operations and Perform Incident Response Exercises

SRM technical professionals should be empowered to lead without limitations, proactively making acceptable risk decisions and collaborating with members of the security operations center (SOC) team and stakeholders. They should also plan rotations for both SOC and incident response managers (IRMs) in case of extended or simultaneous security incidents. This will help ensure prompt and efficient responses and minimize the risk of staff burnout. These activities must be coordinated with security leadership in order to be successful.

Preparing for an incident also involves running through exercises that simulate a real security event. All organizations should have an IR plan in place that outlines how to handle certain security situations.

During times of turbulence, SOC teams will consistently encounter the usual background noise of cyber events, the common occurrences that they must handle on a daily basis. It is crucial for SRM technical professionals to be prepared for any sudden increases or other changes in this noise, which could indicate new attacks that may be part of a more serious event. These may be influenced by geopolitical events happening at a specific time or in a particular region. As a result, SRM teams and their organizations must stay highly informed about national and global events.

Expand Multifactor Authentication (MFA) Usage and Monitor for Anomalous System Access

Attacks on identity infrastructures are on the rise worldwide. In a world where deepfakes are becoming more prevalent, this trend will likely continue. This is especially true since account takeovers and other identity and access management (IAM) attacks are commonly used by malicious actors.

SRM technical professionals must ensure that MFA is in place now for authentication across their organizations. Although not a complete solution for security, MFA will at least increase the cost for attackers to gain access to sensitive data, applications, and networks. SRM technical professionals should also be monitoring their identity infrastructure for unauthorized changes or changes outside normal channels. Liveness detection for biometric authentication may need to be considered to protect against AI deepfakes.

Inventory IoT Assets Across the Enterprise

Most organizations have installed some IoT devices throughout their facilities. These devices have been used by malicious actors to breach organizations and move across networks within those organizations, because they are difficult to successfully zone or isolate.

SRM technical professionals should have visibility into the extent of these assets throughout the enterprise. It is also important to determine if these devices have any existing vulnerabilities or if default access accounts for them have been altered. If feasible, these devices should be monitored for any malicious activity, have any default or weak passwords changed, and be separated from essential corporate and operational networks.

Create a Communications Plan to Prepare for the Inevitable

In times like the present, when uncertainty prevails, it is crucial for organizations to be prepared for an inevitable cybersecurity breach. SRM technical professionals should collaborate with internal security leaders, communications, compliance, and legal teams to develop templates for breach communications. It will be necessary to communicate with different groups, both within and outside the organization, such as employees, leadership (including boards of directors), industry partners, customers, and regulators. The objective is to ensure that incident response plans include a communication plan for both immediate response during an event and post-breach communications.

Gartner analysts will discuss more topics related to cybersecurity and risk management at the Gartner IT Symposium/Xpo conference, taking place November 11-13, in Kochi, India. Media registration can be booked via [email protected].

 

(The author is William Dupre, VP Analyst at Gartner, and the views expressed in this article are his own)