In a world where economies are increasingly protectionist and nation-states emphasize the own sovereignty, cybersecurity organizations must strengthen their collaboration, according to Sir Jeremy Fleming, former director of the UK’s Government Communications Headquarters (GCHQ).
Speaking at Palo Alto Networks’ Ignite event in London on March 13, Fleming said that the impact of geopolitics on the development of technologies has never been more profound, with escalating tensions and nation-state-sponsored cyber-attacks posing an unprecedented threat to global security and stability.
“These domains are so interconnected today that it should not only concern technologists but also companies’ boards and members of the C-suites,” he continued.
Ransomware to Keep Growing
Fleming, who was GCHQ’s director between 2017 and 2023, said he had never seen such a level of volatility in the cyber threat landscape.
He explained that ransomware – and cybercrime generally – continues to be the crime organizations are most likely to suffer from in the UK, the US and many other countries.
“There is no sign that it is dying down,” he commented. “Law enforcement is unable to go after the ransomware groups in a significant way to stop the trend.”
Thankfully, Fleming said organizations can protect themselves against these threats.
“Getting the basics right is still pretty good for most threats, including those involving AI,” he said.
Trends in Nation-State Cyber Threats
However, he argued that threats posed by nation-states or state-sponsored activity are almost impossible to stop.
He observed three main trends in state-sponsored cyber offensive behavior:
- Nation-states going after critical national infrastructure entities, sometimes with long periods of covert pre-positioning (e.g. Salt Typhoon campaigns)
- Information operations (mis- and disinformation) increasingly used in nation-states geopolitical playbooks
- A flow of mega breaches, such as the hack on cryptocurrency exchange ByBit
“While I am extremely wary of militarizing cyber and avoid terms like ‘cyber warfare,’ I think in the context of war like in Ukraine, cyber intrusion and information operations have been used on both sides, even though always as a part an overall military strategy, not a silver bullet,” Fleming explained.
Need for Better Cyber Information-Sharing
Fleming argued that this new geopolitical context brings increased volatility in cyber threats and motivations from states to deploy more effort to gain greater sovereignty, which requires the private sector to adapt.
He provided two recommendations for business leaders, cybersecurity practitioners and cybersecurity providers.
First, he highlighted that geopolitics must be understood across the board.
“Companies need to have geopolitical threat intelligence alongside cyber threat intelligence,” Fleming said.
Second, he said the cybersecurity industry must do better at sharing its understanding of the threats.
“No companies, including the big security companies on the West Coast of the US, can provide enough insight on their own,” he added.
“Sharing information at a broader scale and a more rapid pace will enable the cybersecurity industry to spot important nation-state activity before it causes too much damage,” Fleming concluded.