The geopolitical landscape and overlooked cyber security vulnerabilities

Pelle Garå

Co-founder | NetClean

In today's digital age, the interaction between cybersecurity and geopolitics has never been more critical.

As digital infrastructures become increasingly linked with national security and economic well-being, geopolitics has expanded into cyberspace. Cyber-attacks have evolved beyond financial motives to become key players in geopolitical strategies.

The attack vectors vary, from ransomware attacks crippling local governments to sophisticated campaigns targeting critical infrastructure, to insiders who, whether deliberately, unintentionally or maliciously, become a significant risk to businesses and to overall national security.

An overlooked vulnerability.

An overlooked but significant aspect of cybersecurity is the insider risk, particularly the vulnerability that stems from individuals within organizations who engage in illicit material such as child sexual abuse material (CSAM).

CSAM is a growing problem globally, intensified by advancements in technology and the spread of online platforms. Research among more than 1000 senior IT security professionals shows that 64% of all organizations have experienced a case of CSAM in the last 5 years, with 57% experiencing repeated incidents in the same organization. An increase in CSAM is seen across various social media platforms and on the dark web, with the Russian domain ".ru" being the top domain used for its distribution.

Insiders who are compromised, either through their actions or vulnerabilities, can inadvertently become gateways for external state-sponsored hackers or criminals. These hackers or criminals might exploit or coerce such employees to gain access to secure systems or confidential data, elevating the risk of major cybersecurity incidents.

Compromised people – compromised devices.

I argue that when an individual is compromised, he or she can never be trusted. It is important to understand that their devices can also be compromised through various means. Attackers might disguise malware, including viruses, trojans, or spyware, as CSAM files, and when these files are downloaded and opened, the malware infects the computer, compromising the company’s security. Websites or peer-to-peer networks that distribute CSAM are often poorly secured and may be riddled with malware. Simply accessing these sites or networks can expose a computer to various security threats, including malware infections and unauthorized access.

The complexity and variability of insider threats present a significant challenge. Unlike external threats, which generally follow certain patterns, insider threats stem from a wide range of behaviors and motives that are more difficult to identify and address. Additionally, life changes such as personal crises, financial strain, or shifts in ideology can turn a once dependable employee into a potential security threat over time.

The importance of forensic analysis to fortify your security posture.

The threat to businesses posed by CSAM is never just about the image itself, although one could argue that it should be enough. The questions businesses need to ask themselves are: how did the image enter the IT environment in the first place, what security controls were bypassed, and what else might have been brought in with the material?

Putting CSAM in a wider security context and providing forensic analysis after detection is crucial for understanding the full extent of the breach. Providing forensic analysis not only addresses the immediate issue of CSAM but also fortifies the organization against future threats, blending technical investigation with strategic security enhancements.

As we continue to navigate the complex interaction between cybersecurity and geopolitics, it’s imperative to question: are you truly in control of mitigating your insider risks?

About the author:

As the founder and a board member of NetClean, Pelle Garå is deeply invested in the company and keenly follows our progress. With his extensive experience in developing software companies that enhance law enforcement investigations, he possesses a profound understanding of the intricate digital geopolitical landscape that the world is currently navigating. He recognizes the critical importance for businesses to comprehend the nature of these risks, to prepare for them, and to manage the aftermath of incidents effectively, in order to minimize damage to the company and its stakeholders.