In today’s volatile geopolitical and economic climate, bad actors such as cybercriminals are lying in wait, seeking to take advantage of the situation to conduct an attack and further their criminal enterprises. Businesses often overlook this fact, which could expose them to a crippling attack, a cybersecurity expert said.
“Bad actors are always looking for opportunities to leverage turmoil as a prime opportunity to attack,” said Jeffrey Wheatman (pictured above), senior vice president at Black Kite. “The noise distracts people and organizations – people often stop paying attention to things that should be top of mind, like having and maintaining good cyber hygiene.”
According to Wheatman, bad actors exploited the chaos caused by the COVID-19 pandemic and resulting lockdowns. Many people were suddenly thrust into an unfamiliar work-from-home environment, which led to lapses in security.
“During the pandemic, stores and gyms closing threw a wrench into people’s everyday routines,” Wheatman said. “Goods became scarce, giving bad actors the perfect opportunity to craft fake ads to steal credit card information on Facebook and other social media platforms. Many people fell for these schemes, including me, which leads to having to cancel credit cards and get new ones. The panic that comes from not being able to easily access goods can lead to many poor decisions online. Understandably, when users are nervous about the health and well-being of friends and family, being cyber-safe takes a backseat.”
Bad actors also hide behind the veil of war. According to Wheatman, it is no coincidence that cyberattacks have increased since the Russia-Ukraine conflict began in February. Microsoft reported that Russian hackers have targeted more than 120 organizations in 42 countries outside Ukraine since the war began, with US-based targets making up 12% of these attacks.
“Geopolitical conflicts provide ample opportunity for bad actors to strike – and they will,” he said.
Wheatman provided an example during the Russia-Ukraine war, where the Russian invaders attacked Ukraine’s traditional telecommunication pathways. To help regain communications, Starlink was rolled out in the closed-off regions of Ukraine.
“As frequently happens, when a technology becomes ubiquitous, researchers and attackers take a closer look,” Wheatman said. “Back in August, researchers were able to compromise a Starlink user terminal, inject code, and potentially upload code to the satellites – while only using $25 worth of hardware. Would you be surprised if attackers were able to do something similar, or worse? It has long been proposed that the future of warfare will be a hybrid between traditional kinetic attacks and cyberattacks – with one being used to distract defenders as a prelude to the other – and I think the future is now.”
Given this dire situation, Wheatman said that businesses must be able to analyze the cyber weaknesses of their suppliers and other third-party vendors to reduce vulnerability to bad actors.
“Companies worldwide have seen an increase in cyberattacks, specifically targeting their digital supply chain as a method of access and they have experienced the ‘shock waves’ of third-party incidents,” Wheatman said. “Even if a company considers itself to have robust security protocols, it only takes one vulnerable vendor to be susceptible to an attack.
“According to our latest annual Third-Party Breach Report, software vendors were the most common source of supply chain attacks, accounting for 25% of all incidents in 2021,” he said. “Additionally, 1.5 billion users’ PII was leaked due to a third-party breach. Recovery after exposing sensitive data is both expensive and time-consuming and plays into the aggregation risk of a situation.”
Wheatman highlighted the importance of shielding the third-party route, with analytics firm Forrester predicting that 60% of security incidents in 2022 will result from third-party incidents.
“In the insurance market, third-party vendors rarely meet the insurance requirements established by the companies that hire them,” he said. “This is a sobering fact – considering by 2026, the global cyber insurance market is forecasted to grow at a compounded average of 25% yearly. It’s crucial that insurance companies assess their cyber posture and make improvements now.”
Many major cyberattacks begin with bad actors attacking via third parties, before island-hopping their way into their target organizations.
“We're redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker's perspective,” Wheatman said. “Our recently announced FocusTags provide a fast and simple way for users to track high-profile cyber events and quickly identify which vendors have been affected within their supply chain. When cyber events disrupt the digital supply chain, time is of the essence. FocusTags provide immediate visibility into the cause and effect so companies can manage the incident and protect their bottom line. And Black Kite’s Ransomware Susceptibly Index provides unique insight into your exposure to ransomware within your digital and physical supply chain.”