Global conflicts are increasingly making companies targets for cyber attacks

Geopolitical conflicts are increasingly spilling over into cyberspace and exposing private organizations to growing cyber threats. That, in a nutshell, is the conclusion of an analysis by the Association of Corporate Counsel (ACC). The analysis, authored by Robert Kang, associate professor of engineering and law at the University of Southern California and Loyola Law School, examines how modern geopolitical confrontations are increasingly expanding beyond traditional theaters of war into cyberspace, exposing private companies, research institutions and infrastructure operators to retaliation in cyberspace.

Supposedly regional conflicts have a global impact

«Geopolitical conflicts are no longer limited to physical battlefields,» writes Kang. «They are increasingly spreading into cyberspace, affecting civilian companies and public institutions around the world.» Recent developments involving the United States, Israel and Iran illustrate this pattern. Following military strikes or a tightening of sanctions, organizations often report a surge in malicious cyber activity, ranging from credential theft campaigns to DDoS attacks and network reconnaissance.

While these developments may have their origins in specific regional conflicts, the underlying dynamics are global in nature. European organizations have also been confronted with cyber activities related to geopolitical tensions, including operations related to the war in Ukraine and general strategic competition between nation states. Authorities such as the EU Cybersecurity Agency have warned that geopolitical instability is likely to lead to an increase in cyber operations by state-linked actors.

Cyberattacks on public services

This threat has already materialized on European soil in the past and continues to do so. Last week, the Cork site of medical technology company Stryker was hit by a cyber attack targeting the company's global operations. Handala, a hacking group linked to Iran, claimed responsibility for the attack. In 2022, Iran carried out a devastating cyberattack against the Albanian government that severely disrupted public services and led to the severing of diplomatic relations. This attack is widely seen as a response to Albania harboring an Iranian dissident group.

According to Kang's analysis, organizations operating in the state sector and in areas of critical infrastructure - including energy, telecommunications and financial services - are at particularly high risk in times of geopolitical escalation. Supply chain partners and research institutions can also become targets, whether for strategic intelligence gathering or as indirect access points to larger networks.

Cyber operations of states

Cyber activities in the context of geopolitical tensions are rarely accidental disruptions. Rather, they increasingly serve as a strategic tool that allows states to exert pressure, retaliate or gather intelligence without escalating to a conventional military confrontation. These operations can include credential theft, ransomware campaigns, supply chain attacks and destructive malware. In some cases, attackers infiltrate networks months or even years in advance and only activate the malware code when geopolitical tensions escalate. In the case of Albania, the attackers had access to government systems for about fourteen months before launching the attack. Kang notes that in addition to Iran, Russia and China have also been linked to long-term cyber operations targeting government and institutional networks, including those in the EU.

Cybersecurity as part of the corporate strategy

Cybersecurity is also increasingly becoming a key management issue within companies. According to the Association of Corporate Counsel's State of Cybersecurity Report, 84 % of companies now give their general counsel a key role in the company's cybersecurity strategy, highlighting the extent to which cyber risk increasingly intersects with legal, regulatory and operational decision-making processes.

The analysis urges organizations to align their cybersecurity planning more closely with geopolitical risk assessments. Organizations should ensure they have adequate monitoring systems in place, clear incident response procedures, and strengthen identity protection measures such as multi-factor authentication. At an enterprise level, these measures should be integrated into risk management processes that enable senior management and boards to maintain an overview of evolving threats and exercise appropriate oversight. European regulatory frameworks such as the NIS 2 Directive are also raising expectations for oversight of cybersecurity arrangements at board level, further elevating cyber resilience as a governance priority for company management.

Source: Association of Corporate Counsel ACC