How the Current Geopolitical Situation is Affecting Cybersecurity Landscape

In the day-to-day operations of any business, we constantly weigh the risks associated with state actors using cyberspace to project power and the structural forces affecting our businesses, including the risks related to how we construct our IT systems and deal with quick technological advancements. We generally keep an eye on structural and geopolitical variables to position ourselves to handle the impact. As we adopt new working practices that the pandemic has expedited, we try to regulate and respond to the rapid technological changes within our organisations.

Coordinated cyberattacks have arisen as a component of the offensive since Russia’s invasion of Ukraine started in early 2022, affecting businesses in these nations and around the world. In the wake of the invasion, it has become clear that hybrid warfare is the new regular and that geopolitics and cybersecurity are intertwined.

Organisations in Ukraine have experienced threats during the past six months, including significant distributed denial-of-service (DDoS) assaults, a spike in malware activity, persistent and targeted phishing attempts, disinformation efforts, and assaults on cyber-physical systems.

All companies that rely on the Internet were unintentionally drawn into the conflict. Western businesses have entered the fray, including Microsoft and Fortinet. Microsoft to share intelligence to disrupt a large-scale malware attack targeting Ukraine. Fortinet to stop a large-scale distributed denial of service attack.

Russian State-Sponsored APT Behavior

According to CISA, Russian state-sponsored advanced persistent threat (APT) actors have traditionally gained early access to target networks through spearphishing, brute-forcing, and exploiting known vulnerabilities against accounts and networks with poor security.

Russian state-sponsored APT attackers have also displayed advanced tradecraft and cyber capabilities by compromising third-party infrastructure and software or by creating and distributing unique malware. The attackers have also demonstrated their capacity to use valid credentials to sustain long-term, persistent, undetected access in compromised networks, including cloud environments.

No Geographical Boundaries

It’s crucial to remember that, unlike physical conflict, cyber warfare has no geographical boundaries. For instance, since the invasion started, at least three German energy businesses have been the target of cyberattacks. As well as activity from non-state players, such as the Anonymous hacker organization waging war against the pro-Russian Conti ransomware gang, we’ve seen cyber actors in other regions, like China, exploit the situation to spread threats.

Cyberthreats are expected to last at least as long as the physical battle. The “fog of war may hamper situational awareness,” and panic may raise the possibility of errors, which will favor evil actors. Worldwide organizations will be affected by a heightened danger environment, even though the specific implications of personal attacks will vary.

Targeting energy infrastructure

According to the ENISA Threat Landscape report’s assessment, state-backed entities will continue to engage in disruptive or harmful operations as long as the Russia-Ukraine conflict persists. Prime targets in Ukraine include government and military networks and the energy and communications sectors (about crucial infrastructure).

The report claims that cybercriminals are still upsetting the industrial sector. It is accurate to say that cybercrime assaults on operational technology (OT) systems will become more disruptive, as predicted in last year’s research.

Ransomware was the main reason for compromises in the industrial sector between July 2021 and July 2022, with the manufacturing industry being the most attacked. Attacks that cause disruption significantly impact other industries, energy being one of them.

And the increasing digital transformation of the industrial sector and the greater interconnectedness between IT and OT networks are two critical factors for ransomware organisations targeting OT operations.

Impacts and Actors

Five categories of impact were identified by an impact evaluation of the threats: reputational, digital, economic, physical, and social harms. Due to victims’ failure to provide information or their inability to provide complete information, the impact of the majority of occurrences is still unknown.

Prime threats’ motivations were examined. The analysis showed that the only reason for ransomware is monetary gain. Geopolitics, with its threats including espionage and disruptions, can motivate state-sponsored organisations. Ideology may also be the driving force for hacktivists’ online activities.

During the reporting period, state-sponsored, cybercrime-related, hacker-for-hire actors and hacktivists remain the primary threat actors.

The number of events in the NEAR category has remained high over the reporting period, according to an examination of the closeness of cyber threats to the EU. Affected networks, systems, and controlled and ensured systems within EU borders fall under this category. The impacted population living inside EU borders is likewise included.

Emerging trends

Significant trends were found, according to the report. Among the most notable of these are:

Threat actors’ new tool for achieving their objectives is a zero-day exploit, a software flaw found by attackers before the manufacturer is aware of it. Since the Russia-Ukraine war, a new wave of hacktivism has been noticed.
As mobile networks and the Internet of Things (IoT) is already being exploited in cyberwarfare, DDoS attacks are becoming more complicated.
By saturating government agencies with phoney content and comments, the development of bots that mimic personas can easily disrupt the “notice-and-comment” regulation process and community participation.

Sophisticated Scams

Attacks using business email compromise (BEC) are rising due to increased data availability and digitisation, remote working, and increasingly sophisticated “deep fake” technology and virtual conferencing. According to the FBI, BEC fraud totalled $43 billion worldwide from 2016 to 2021, with a 65% increase in fraud between July 2019 and December 2021.

Criminals are now exploiting virtual meeting platforms to mislead employees into transferring money or sharing sensitive information, signalling increased sophistication and target redness of attacks. A bank employee from the UAE(United Arab Emirates) moved $35 million last year after being tricked by a company’s cloned voice. Artificial intelligence increasingly enables “deep fake” audio or video that impersonates senior executives, making these attacks possible.

The threat of cyber war

As the likelihood of espionage, sabotage, and harmful cyberattacks against businesses with ties to Ukraine and Russia, as well as friends and those in neighbouring nations, rises, the war in Ukraine and broader geopolitical tensions are significant factors redefining the cyber threat picture.

The supply chains, corporations, and critical infrastructure might all be the targets of state-sponsored cyberattacks. The risk of a hybrid cyber conflict has increased efforts in the insurance market to address the subject of war and state-sponsored cyber attacks in wording and give consumers clarity of coverage, even though acts of war are generally prohibited from traditional insurance policies.

Experts identify several other trends

Hackers target weak supply chains: Supply chain attacks have become a significant concern, whether they target critical infrastructures like the Colonial Pipeline or cloud services. Manufacturing industries are especially vulnerable as ransomware gangs increasingly utilise the threat of interruption to push businesses into paying the ransom.

Cloud outsourcing: Despite growing worries about security and risk aggregation, businesses keep moving their services and data storage to the cloud. Society is forming massive concentrations around a couple of single points of failure by relying on a small number of providers for cloud services or cyber security. It’s a frequent fallacy that the outsourcing or cloud vendor will take complete responsibility in the event of a disaster.

The importance of third-party liability, including fines and penalties, is increasing due to technological advancements, improved data collection by companies, and strictly enforced data privacy laws. Any cyber incident, including double-extortion ransomware, can result in legal action and requests for financial compensation from the parties harmed.

The improvement of cyber security needs to be improved by professional scarcity. Although boards are becoming more aware of the issue, estimates indicate that there are currently 3.5 million empty cyber security roles globally. This means that many businesses need help to fill positions, which hinders their capacity to strengthen their cyber security posture.

Many more stakeholder groups are scrutinising a company’s cyber security resilience today than there were in the past. Cybersecurity issues are increasingly being incorporated into data providers’ risk-analysis frameworks as they examine business processes to assess how prepared their clients are for cybercrime. It has never been more crucial to ensure that a company’s board of directors understands its cyber policies and procedures and that risk monitoring procedures are in place.

The insurance sector is more attentively evaluating organisations’ cyber risk profiles to encourage businesses to strengthen their security and risk management procedures in response to a more complicated risk environment and increased cyber claims activity.

How to overcome and handle things within these situations

The Russian invasion of Ukraine is the latest catastrophe to show that enterprise security and risk cannot be managed by the CISO and their team. Risk-based decision-making is much more important during crises, and company leadership must be involved at every stage. Executives are more likely to lead their firms with resilience from response to recovery if they make defendable, risk-informed decisions.

Cybersecurity and geopolitics are now inexorably interwoven. Consequently, as security leaders, you must view the global threat picture via a business lens. In this setting, every business action has security repercussions and vice versa.

Think about how current affairs are affecting corporate risk levels. What is the business’s willingness to take on that risk, and has it changed in light of these circumstances? Enterprise security directors today must concentrate on more than security flaws or technologies. Instead, they must guide the organisation in making decisions about its exposure to cyber-related risk. This new position is crucial to comprehending world events’ security implications.

Measures to mitigate the increased risk

Governments must stop state-sponsored cyberattacks, and they are doing so by fighting the ransomware epidemic. However, organisations need to be ready as hackers become more skilled and advancements like the Internet of Things (IoT) broaden the attack surface. Important actions include:

  • making sure incident response plans are current
  • making routine backups
  • Developing savvy, industry-specific threat insights
  • ensuring that your monitoring is scaled, ongoing, and affordable
  • ensuring that systems and hardware run the most recent software and that timely patches

There are specific steps to battle ransomware, which is a significant aspect of this new reality. However, it’s equally important to consider your overall cybersecurity posture. Your board may need the impetus of global news to review

Continuing the research journey

Boards and their risk managers should continue to monitor their risk profiles and appetites and identify the pertinent tipping points as firms continue to embrace digital capabilities. Successful businesses will be those that can identify, evaluate, and quantify the risks that come with opportunities while also mitigating or managing the risks related to geopolitical developments.

Businesses should continue to challenge themselves intellectually and, when practical, adopt intelligence-led capabilities that lessen the surprise and shock of local, national, and international events. Organisations can improve the clarity of complex risk landscapes and gain a competitive edge by using various tools and scenario planning to understand their risks and drivers comprehensively.

Nick Roddick

Head of Production

Elpidoforos Arapantonis

Senior IT security manager at Volvo

Elpidoforos Arapantonis aka Elpis is Chief Product Security Officer at ecarx in Gothenburg, Sweden. He has academic background in electronics with M.Sc. degrees in distributed systems, as well as in information security. He has long experience working in projects around Autonomous Driving, and Advanced Driver-Assistance Systems in OEMs, from the cybersecurity point of view. His current focus is cybersecurity on infotainment systems as well as vehicles’ off board systems.

Anders Jared

CISO at Bravida

With decades in the area of security I now lead the IT and information security work within Systembolaget AB. This proactive engagement together with my background of analyzing security breaches in criminal investigations renders me a unique understanding of both threats and prevention possibilities in our digitalized world.

Anthony Herrin

Nordic Head of Cyber Underwriting at RiskPoint Group

Anthony has 15 years of experience in the insurance industry with roles within both broking and underwriting. He has focused on cyber risk and insurance since 2015 and is CISM certified. Whilst predominantly on the broking side at Aon, JLT and Marsh over the last few years, he has recently moved to an underwriting role at Riskpoint and will lead their team of Nordic Underwriters.

Bernard Helou

Head of IT Governance at Lendo Group

Bernard has 15 years experience in information security. He has been working as a
cybersecurity consultant to CAC40 companies in Paris for 9 years before taking internal roles as information security manager. From security awareness to data protection strategy or
contingency plans, he has a good overview of security best practices.

Moa Mörner


Moa Mörner is an experienced Data Protection Officer with a demonstrated history of working with questions concerning processing on a large scale of special categories of personal data, both for Controllers and Processors. She is skilled in data protection law, advising on strategic level as well as operative, assessments and recommendations, educating, and managing incidents of personal data breaches. Moa is strong advocate for making data protection and information security working together, when the perspective of the individual (data protection) and the perspective of the organization (information security) allows it.

Today Moa is Group DPO at SJ AB.

Jacqueline Jönsson

CISO at Danish Energy Grid

During my 20+ years in the security sector I have a good feeling about what works in practice and gives results and what doesn’t. The part that engages me most is integration of technical security with legal and financial aspects as well as people’s behavior.

Core skill is CISO work and guiding board members and executives about cybersecurity, operational resilience and business assurance.

Also advice on regulations, directives and practices for the financial services and energy sector.

Jonas Rendahl

CISO at Aurobay

My name is Jonas Rendahl and I work as CISO at Aurobay (Powertrain Engineering Sweden AB). I live south of Gothenburg with my wife and daughter.

I started my interest in computers and security at an early age. I have worked within IT since early 2000 but I have worked within many different industries and areas before that. Within IT I have worked with things like development, support, testing, management, audits, disaster and recovery, architecture, operational security and almost all aspects of security you can think of.

I have a keen interest in security and love the fact that it is such a dynamic and ever-evolving industry. From all of my experiences I have learnt that nothing is static and that all experiences are something to learn from.

I am a rather pragmatic person in such respect that I try to listen the organization’s needs and weigh that against potential risks and possible and plausible security measures. I am a firm believer in simplicity over complexity and in setting up the foundation for fruitful conversations by first defining the boundaries and basic concepts to ensure everyone understand each other.

Klas Themner

CISO/Deputy CEO at AMRA Medica

Klas Themner has, as AMRA’s Chief Information Security Officer, overall responsibility for the management of the company’s information security. Klas has been at AMRA since 2017, mostly in the role of COO, also keeping the role of deputy CEO. Before joining AMRA Medical he had 20+ years of experience as COO & CFO in a number of different listed medical device companies within advanced medical image processing and across all imaging modalities. Previously to Life Science, Klas spent 10 years with the Swedish defense industry. He has an engineering background and holds a PhD in Nuclear Physics from Lund University.

Lorena Carthy-Wilmot

Senior advisor in Digital Policing (DPA) at Lillestrøm police station

Former Head of the Forensic Technology Services Lab at PwC in Oslo. Now Senior Advisor in the field of Digital Forensics at the Norwegian Police, East District.


Future leader of cybersecurity sector at Einride

I'm a Senior Security Advisor within the IT/Telco domain with more than 25+ years in the industry.

Thea Sogenbits

CISO at Estonian Tax and Customs Board

Thea maintains tax secrecy of everyone in Estonia. As CISO of the Estonian Tax and Customs
Board she leads the security vision and information security management programme as well as the certified information security organization within the ETCB.

Her academic research focuses on the value chains and business models of professional
organized cross-border transnational cybercrime.

She trains and mentors military, public and private executives on hybrid defense and integration of next level defenses to organizational daily policies, practices and culture.

Thomas Evertsson

Head of IT security at DNB Bank

If you are looking for an efficient, Get the Job Done IT Manager with high ambitions then you've found the right person. I am inspired by a fast pace and successfully driving change, both organizational and technical. I see myself as a realistic optimist who is happy to share ideas and knowledge with others. Experience has taught me to be honest, cohesive and consistent, factors I see as important to success.

Tomi Dahlberg

Senior Advisor Cyber Security at State Treasury of Finland

My executive work, IT management and governance centric career started in 1976. I'm still passionate about these topics as they evolve all the time. Since 1984 I've worked in managerial and since 1988 in executive positions in business, academy and consulting (ABC). Business executive is my main career path.

I have worked in business executive positions in software (e.g. Unic), finance (e.g. Danske Bank), telecom operator (e.g. Elisa), nanotechnology, executive consultancy, and IT services. I have written 70+ publications both academic and practical as a part-time professor in business schools since the year 2000 . My research motive is to understand in depth issues that I conduct in business.

Executive work expertise areas: Corporate governance and board work, change management and leadership, strategy work & management, business models, business development, innovation management, finance.

IT executive expertise areas: governance and management of IT, OT, digital business and platform business, CIO/CDO work, IT service management, data management, business and IS development methods.

Benjamin Bauchmann

CISO at Ströer SE & Co. KGa

Speaking session - March 16th, 2023

Visibility is crucial: E-criminals will find your internet-facing assets you do not know much about

You can only protect the assets you know of, so it’s important to have a high visibility on all your internet-facing assets. Even more in times like these in which states/hackers/the bad guys try to cause havoc. They do not need to target you specifically, but they will find your assets, you do not know about.
Biography: If he had been in Troy then, the city would still be standing today. When it comes to security, most people rely on offerings to the IT gods. Not so Benjamin Bachmann, because he sees cyber security as a holistic issue that must consider and address the triad of people, organization and technology in equal measure. In other words, they form the foundation of a sustainable and livable security culture. An industrial engineer by training, he felt called to promulgate these early on on behalf of various consulting firms. Today, as Vice President Group Information Security at Ströer, he is responsible for the strategic security of the entire Group and develops implementable, useable and human-centered security concepts for the subsidiaries. Privately, he has been battling with his friends for years to see who can bake the best wholemeal sourdough bread, is on a sustainable journey and shows that cyber security is not dry-as-dust topic.

Tobias Ander

CISO at Örebro kommun

Speaking session - March 16th, 2023

Raising a cybersecurity culture! - Why is it so important?

Tobias will be delivering an insightful talk on how to comprehend the security implications of a futuristic security strategy. This talk will focus on the importance of incorporating the security function into crucial decisions, and will provide an overview of what such a strategy would look like. He will examine the emerging technologies in the field of security, and explore how they will influence the security strategies of tomorrow.
Biography: Tobias Ander got more than 20 years of experience in information security. Today he is CISO at Örebro Kommun, runs his own company Securebyme and recently released the book Informationssäkerhetskultur (Information security culture) in swedish. Tobias was awarded “This year’s GRC-profile” in 2017 for his commitment in Governance Risk and Compliance.

Ståle Risem-Johansen

CISO at Spare Bank

Experienced senior manager with 20+ within Energy sector as CIO and CISO. Chairman of the Board of Nationwide Security forum in Norway (Energy Sector) for 7 years. Confident with working with regulator and The Office of the Auditor General Strong relationship-builder always aiming to Learn more. If security is done the proper way it will become a business enabler. Currently hold the position as CISO in SpareBank 1 SMN – a part of SpareBank 1 alliance.

Raviv Raz

Cyber & AI Innovation at Ing

Speaking session - March 16th, 2023

How will AI impact CyberSecurity in near future

  • AI is gradually taking a prominent part in Cybersecurity
  • Recent developments in offensive AI pose, in a close future, threat to  conventional security measures, arming malicious hackers with a powerful  technology previously unavailable to the masses
  • Innovative Advancements on both sides of the force
  • Is AI going to help to save the security staffing shortage or lead to a dark future

Raviv has pioneered and disrupted several domains in Cybersecurity including:

  • Network Access Control
  • Web Behaviour Analytics
  • Programming Language Processing

As part of his R&D work in ING he co-founded the CodeFix and PurpleAI innovation initiatives: reducing false-positive alerts in application security testing and using AI in offensive security testing.
Specialising in Application Security, Raviv has blogged, lectured, appeared in the news and released open-source tools used by tens of thousands of hackers.

Including R.U.D.Y that appeared on the TV show Mr. Robot