4 ways to build resilience in an era of geopolitical tension and rising AI threats
COMMENTARY: Geopolitical machinations and rapid advances in technology are impacting risk management in more ways than one.
Cyber risks are no longer a series of isolated incidents, but have metamorphosed into a web of interconnected risks, driven by geopolitical tensions, fragile supply chains, expanding digital interdependencies, the rise of AI, and the continuing role of human error.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]
A security framework purpose-built for isolated threats must transition to a resilience-centric environment best positioned to protect an organization’s interests at a time when global threats are bleeding critical business operations.
With 91% of organizations rethinking their cybersecurity posture because of geopolitical uncertainty, the focus must shift to resilience rather than preventing every threat.
The threats reshaping cyber risk
Cyber threats appear from every direction, and in a worst-case scenario, all at once. The diversity of these threats makes resilience a critical element of any risk management strategy. Here are the main threats:
- Geopolitical spillover: Iran-backed hackers are targeting critical infrastructure in the U.S. They also have targeted the offices of the Dubai Courts, the Dubai Land Department, and the Dubai Road Transport Authority. Such attacks are not limited to geo conflicts alone. State-sponsored actors were responsible for 17% of espionage-related breaches at financial firms. Cybersecurity has become a casualty in the geopolitical tug-of-war.
- Supply chain compromises: Here the organization pays for someone else’s mistake: that of our vendors, software providers, and anyone else our operations depend on. These entities are based anywhere in the world. But if their defenses fail and an attacker gets in, that breach can travel through trusted links and quickly reach our company’s environment. Supply-chain attacks rarely arrive head-on. They often come through indirect paths that make networks vulnerable because someone else in the chain was exposed first.
- Risk from legacy systems: Sixty-three percent of banks still depend on code written before 2000, and 67% say their entire technology stack would fail if those older systems stopped functioning. Many organizations realize their legacy systems cannot keep pace with an evolving threat landscape. Now look at this problem from a global perspective, with organizations running offices worldwide. Some decide to upgrade their tech stack with modern systems, but these remain connected to the legacy systems. This increases the chances of vulnerabilities that are difficult to identify, monitor, or patch.
- AI-enhanced attacks: AI has shifted the balance between attackers and defenders by democratizing cybercrime and lowering the barrier-to-entry. It has given rise to zero-knowledge threat actors and can speed up reconnaissance, automate parts of exploit development, and generate more convincing phishing, impersonation, and social engineering attacks at scale.
- Human error: The best security products or strategic frameworks cannot build resilience alone. We must focus on human vulnerability, the entry point for many attacks. A lack of awareness of cyber threats, the kill chain, and prevention methods leaves workers at risk.
Move beyond prevention to resilience
Traditional cybersecurity logic assumes that the right control can stop any threat. If an organization identifies certain weaknesses, it plugs them by additional means, and the cycle goes on. Unfortunately, this idealistic mindset offers diminishing returns.
The focus should shift to realism, where we assume that we can’t block every threat, but despite the consequences, the wheels of the organization must continue to turn.
Cybersecurity must run on the idea of the minimum viable company. This means we have to develop a list of all the essential operations that must continue irrespective of any security incident. This sets the stage for resilience to enter the picture:
- Identify the crown jewels of the business: This includes systems, processes, or suppliers that are absolutely critical to specific operations. Reduce points of failure, prepare comprehensive backup and recovery plans, and train top stakeholders on how to handle disruption.
- Bake resilience into systems in bite-sized stages: Tackle the top risks first and then work down the risk ladder.
- Think proactively, not retrospectively, when building resilient systems: Test systems for real-world risk scenarios early and focus on governance and policies from the start.
- Run continuous tests: Resilience breaks down with a “set-it-and-forget-it” mindset. We must continuously test resilience with forward-looking simulation exercises. This helps improve the security framework and plugs identified gaps in a timely manner.
Taken together, these steps make resilience less reactive and more deliberate, focused on critical assets, built in phases, planned early, and strengthened through continuous testing.
We shouldn’t view resilience from a security or IT function perspective. Global threats have operational, financial, and strategic impacts that directly affect the board. A lack of resilience will impact service continuity, reducing stakeholder trust and investor confidence. That’s why we must see resilience as a risk management issue controlled in a top-down manner from the boardroom.
The organizations best positioned to navigate today’s geopolitical waters are not those that think they are fully protected, but those that build capacity to keep operating when disruption inevitably arrives.