NCSC Urges Businesses to Track Geopolitics for Better Cyber Defense

Businesses must stay informed on global geopolitical developments to effectively counter growing cyber threats, warned Paul Chichester, Director of Operations at the UK’s National Cyber Security Centre (NCSC), during his keynote at Infosecurity Europe 2025.

Chichester highlighted that countries like Russia and China are no longer just cyber players but strategic actors using hacking to pursue military and ideological goals. “States don’t do hacking for fun,” he emphasized. “There’s always intent—often strategic—even if we don’t immediately see it.”

He stressed that cybersecurity is no longer purely technical; it is a direct extension of national strategy. Companies, especially those targeted by advanced persistent threats (APTs), need to evaluate why they are being attacked and integrate geopolitical intelligence into their defensive posture.

Russia’s cyber operations have grown increasingly sophisticated, particularly since the Ukraine invasion. Chichester cited attacks on supply chains, especially those linked to Ukrainian aid and military logistics, as a recurring tactic. Microsoft, for instance, previously flagged the Russia-backed Seashell Blizzard group for deploying Prestige ransomware against such targets.

Russian military intelligence, specifically Unit 29155—infamous for the 2018 Skripal poisonings—is now blending real-world sabotage with cyber operations. This hybrid approach was evident in the 2022 Viasat hack, launched on the day of Russia’s Ukraine invasion. The attack crippled Ukrainian command systems and disrupted services across Europe, including thousands of German wind turbines.

Meanwhile, China’s cyber aggression is also intensifying. Chichester pointed to groups like Volt Typhoon, which infiltrated the US electric grid for nearly a year, and Salt Typhoon, which hit American telecom providers in 2024. These actors appear to be ‘pre-positioning’ for future large-scale disruptions, according to warnings from agencies like CISA.

Despite these escalating state-sponsored threats, financial motives still drive most cybercrime. In another keynote, James Lyne and Ciaran Martin of the SANS Institute reminded attendees that fraud and financial theft remain dominant attack vectors for most organizations.

Still, Chichester’s message was clear: geopolitical awareness is no longer optional—it’s a vital component of modern cybersecurity.

Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.

News Source: ITPro.com