State-aligned adversaries and COVID-19: How has COVID-19 impacted your strategic cyber threat model?
October 7, 2020
COVID-19 has caused profound geopolitical and economic change and is affecting state actors’ behaviour in cyberspace. This short blog discusses the importance of reviewing a strategic threat model now as organisations work to understand the pandemic’s impact on their state adversary cyber threat landscape.
The number of states that conduct cyber espionage against commercial organisations to support political, military or economic priorities is growing. At the same time, some states are consistently developing and demonstrating their ability to conduct higher-impact disruptive activity, often against the private sector. Impacts can be wide-ranging and severe. Theft of sensitive commercial information and intellectual property can lead to loss of market share, or to consequences for national security and regulatory sanction. Operational disruption can cause massive direct financial loss and reputational damage.
Understanding your strategic environment is an important goal for organisations seeking to mitigate these risks. However, COVID-19 has caused major political and economic disruption and influenced state priorities. As a result, a re-evaluation of traditional, pre-COVID-19 threat models is required. A first step in understanding your new state-aligned adversary threat landscape involves identification of priority adversaries and assessment of their intent towards your organisation. In other words, who is a threat and why? Getting answers to these questions has normally involved an exploration of internal and external factors, including:
These issues will likely continue to be of paramount importance for an organisation seeking to understand the identity and motivation of state adversaries. However, COVID-19 has already prompted significant changes in nation-state targeting. Several governments have repeatedly issued credible statements and indictments documenting state-sponsored cyber espionage campaigns to support new COVID-19-related intelligence requirements. These are likely just the most obvious public signals of the new threat liability born out of the pandemic. Over time, more evidence of states pursuing new espionage goals, or traditional goals but with increased determination, is likely to emerge. So, in order to understand the impact of these changes on your strategic threat model, organisations should ask a new series of questions, including:
Discovery questions can help identify your organisation’s exposure to the state-aligned cyber espionage that is intended to help states with their immediate COVID-19 response. However, defenders also need to consider COVID-19’s second-order effects on the threat environment. These relate to the rapid shifts in the geopolitical and economic environments in the last months and should address:
These are just some of the top-line issues associated with COVID-19’s strategic impact on an organisation’s threat landscape. There will be others. Each organisation will have different priorities or exposures — and a tailored approach is vital. Exploration of the significance of the major developments in cyber-criminal activity should also occur, with significant emphasis on the new generation of extortionists and their increasingly high-impact activities. Exploring these issues will enable an organisation to better model its threat environment at a strategic level and, from that position, identify and mitigate its new threat liability in a COVID-19 world. Intelligence-led threat hunting teams need to know they are oriented to detect and counter adversaries in this new reality. Boards need to know how COVID-19 has changed the answers to the key questions: “Who is coming after us and why?”
We recommend an external evaluation to challenge internal assumptions about the type and level of threat state-aligned adversaries pose, and to provide independent assessment of the relationship between an organisation’s assets and the identity, motivations and capabilities of its priority adversaries.
Copyright © 2020 Accenture. All rights reserved.